Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
•added 2023/01/24 12:0 p.m.•26 views

buf_redux is Unmaintained

Last release was over three years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. The safety-undocumented unsafe in the...

6.7AI score
Exploits0
RustSec
RustSec
•added 2022/11/10 12:0 p.m.•26 views

Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

7.4CVSS1AI score0.00577EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/09/29 12:0 p.m.•26 views

matrix-sdk Impersonation of room keys

When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack...

8.6CVSS4.6AI score0.00488EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/28 12:0 p.m.•26 views

Denial of service on deeply nested fragment requests

Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...

7.5CVSS3.3AI score0.01331EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/05/21 12:0 p.m.•26 views

Panic due to improper UTF-8 indexing

When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi- byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...

6.5CVSS1.2AI score0.00796EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/11/16 12:0 p.m.•26 views

Data race when sending and receiving after closing a `oneshot` channel

If a tokio::sync::oneshot channel is closed via the oneshot::Receiver::close method, a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling tryrecv. When these methods are called concurrently on a closed channel, the two...

8.1CVSS0.8AI score0.01162EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/07/30 12:0 p.m.•26 views

Data race in crossbeam-deque

In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this stil...

9.8CVSS0.6AI score0.01923EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/02/18 12:0 p.m.•26 views

`through` and `through_and` causes a double free if the map function panics

through and throughand take a mutable reference as well as a mapping function to change the provided reference. They do this by calling ptr::read on the reference which duplicates ownership and then calling the mapping function. If the mapping function panics, both the original object and the one...

9.8CVSS2.5AI score0.01326EPSS
Exploits1
RustSec
RustSec
•added 2021/02/14 12:0 p.m.•26 views

`nb-connect` invalidly assumes the memory layout of std::net::SocketAddr

The nb-connect crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about...

9.8CVSS2.7AI score0.01448EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/10 12:0 p.m.•26 views

Double drop upon panic in 'fn map_array()'

Affected versions of this crate did not guard against panic within the user-provided function f 2nd parameter of fn maparray, and thus panic within f causes double drop of a single object. The flaw was corrected in the 0.4.0 release by wrapping the object vulnerable to a double drop within...

7.5CVSS2.5AI score0.0139EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/27 12:0 p.m.•26 views

`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

4.2AI score
Exploits0
RustSec
RustSec
•added 2020/11/12 12:0 p.m.•26 views

Bunch<T> unconditionally implements Send/Sync

Affected versions of this crate unconditionally implements Send/Sync for Bunch. This allows users to insert T: !Sync to Bunch. It is possible to create a data race to a T: !Sync by invoking the Bunch::get API which returns &T from multiple threads. It is also possible to send T: !Send to other...

8.1CVSS3.7AI score0.01249EPSS
Exploits1
RustSec
RustSec
•added 2020/05/03 12:0 p.m.•26 views

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...

5.5CVSS2AI score0.00399EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/04/24 12:0 p.m.•26 views

Relies on undefined behavior of `char::from_u32_unchecked`

The Windows implementation of this crate relied on the behavior of std::char::fromu32unchecked when its safety clause is violated. Even though this worked with Rust versions up to 1.42 at least, that behavior could change with any new Rust version, possibly leading a security issue. The flaw was...

7.5CVSS3.5AI score0.01336EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/03/19 12:0 p.m.•26 views

Flaw in hyper allows request smuggling by sending a body in GET requests

Vulnerable versions of hyper allow GET requests to have bodies, even if there is no Transfer-Encoding or Content-Length header. As per the HTTP 1.1 specification, such requests do not have bodies, so the body will be interpreted as a separate HTTP request. This allows an attacker who can control...

9.8CVSS2.2AI score0.02797EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/02/11 12:0 p.m.•26 views

Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect

The affected version of rulinalg has incorrect lifetime boundary definitions for RowMut::rawslice and RowMut::rawslicemut. They do not conform with Rust's borrowing rule and allows the user to create multiple mutable references to the same location. This may result in unexpected calculation resul...

9.8CVSS3.5AI score0.01648EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/01/08 12:0 p.m.•26 views

bespoke Cell implementation allows obtaining several mutable references to the same data

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...

5.5CVSS3.5AI score0.00374EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2017/05/06 12:0 p.m.•26 views

Large cookie Max-Age values can cause a denial of service

Affected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server. This flaw w...

7.5CVSS4.1AI score0.01485EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/29 12:0 p.m.•25 views

Potential Panic on Overlong Ciphertext Buffer

An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact An application where the length of the ciphertext buffer is under attacker control...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/19 12:0 p.m.•25 views

tar-rs incorrectly ignores PAX size headers if header size is nonzero

Versions 0.4.44 and below of tar-rs have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518astral-cve, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the...

8.1CVSS7.4AI score0.00688EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/05/21 12:0 p.m.•25 views

Stack overflow during recursive expression parsing

When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. The flaw was corrected in commits 60aa2dc03a by adding a check ...

6.5CVSS3.4AI score0.00879EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/07/04 12:0 p.m.•25 views

Potential unaligned read

On windows, atty dereferences a potentially unaligned pointer. In practice however, the pointer won't be unaligned unless a custom global allocator is used. In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment. atty is Unmaintained A Pull Reques...

6.8AI score
Exploits0
RustSec
RustSec
•added 2021/02/26 12:0 p.m.•25 views

Multiple functions can cause double-frees

The following functions in the crate are affected: IdMap::clonefrom The clonefrom implementation for IdMap drops the values present in the map and then begins cloning values from the other map. If a .clone call pancics, then the afformentioned dropped elements can be freed again. getorinsert...

9.8CVSS2.4AI score0.011EPSS
Exploits0
RustSec
RustSec
•added 2021/02/09 12:0 p.m.•25 views

Use after free possible in `uri::Formatter` on panic

Affected versions of this crate transmuted a &str to a &'static str before pushing it into a StackVec, this value was then popped later in the same function. This was assumed to be safe because the reference would be valid while the method's stack was active. In between the push and the pop,...

7.5CVSS1.2AI score0.01025EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/31 12:0 p.m.•25 views

KeyValueReader passes uninitialized memory to Read instance

The KeyValueReader type in affected versions of this crate set up an uninitialized memory buffer and passed them to be read in to a user-provided Read instance. The Read instance could read uninitialized memory and cause undefined behavior and miscompilations. This issue was fixed in commit dd59b...

9.8CVSS5.2AI score0.011EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/30 12:0 p.m.•25 views

`Read` on uninitialized buffer may cause UB (`impl Walue for Vec<u8>`)

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

7.5CVSS2.8AI score0.01489EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/26 12:0 p.m.•25 views

Record::read : Custom `Read` on uninitialized buffer may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized...

7.5CVSS3.2AI score0.01498EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/08 12:0 p.m.•25 views

Thex<T> allows data races of non-Send types across threads

thex::Thex implements Sync for all types T. However, it is missing a bound for T: Send. This allows non-Send types such as Rc to be sent across thread boundaries which can trigger undefined behavior and memory corruption...

5.5CVSS2.2AI score0.0031EPSS
Exploits0
RustSec
RustSec
•added 2020/09/27 12:0 p.m.•25 views

VecCopy allows misaligned access to elements

VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...

5.5CVSS2.3AI score0.00374EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/09/03 12:0 p.m.•25 views

Obstack generates unaligned references

Obstack generates unaligned references for types that require a large alignment...

7.5CVSS2.3AI score0.0116EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/05/02 12:0 p.m.•25 views

failure is officially deprecated/unmaintained

The failure crate is officially end-of-life: it has been marked as deprecated by the former maintainer, who has announced that there will be no updates or maintenance work on it going forward. The following are some suggested actively developed alternatives to switch to: - anyhow - eyre - fehler ...

2.7AI score
Exploits0
RustSec
RustSec
•added 2020/01/16 12:0 p.m.•25 views

Parsing a specially crafted message can result in a stack overflow

Affected versions of this crate contained a bug in which decoding untrusted input could overflow the stack. On architectures with stack probes like x86, this can be used for denial of service attacks, while on architectures without stack probes like ARM overflowing the stack is unsound and can...

9.8CVSS5.2AI score0.0326EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/11/13 12:0 p.m.•25 views

Type confusion if __private_get_type_id__ is overridden

Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...

9.8CVSS3.8AI score0.01487EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2017/01/26 12:0 p.m.•25 views

scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

6.5CVSS3.4AI score0.01251EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/06/22 12:0 p.m.•24 views

Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly

The Assembler component that assembles unordered stream fragments into consecutive chunks of the stream incurs some overhead for non-contiguous fragments. Readers that read from a RecvStream in order through an AsyncRead impl for example will be sensitive to peers that send fragments while leavin...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/06/04 12:0 p.m.•24 views

`pqcrypto` is unmaintained: upstream PQClean project being archived

The pqcrypto crate and the entire pqcrypto- ecosystem wrap C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches, algorithm updates, or bug fixes will be applied to the upstream implementations. ...

5.8AI score
Exploits0
RustSec
RustSec
•added 2026/04/13 12:0 p.m.•24 views

`safe-agent-rs` was removed from crates.io for being affiliated with malicious code

While safe-agent-rs did not directly contain malicious code, it was owned by the same user as pretty-changelog-logger and microsoftsystem64. safe-agent-rs also appeared to be imitating a different websocket library. We decided to remove it out of an abundance of caution. This crate had 2 versions...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/04/12 12:0 p.m.•24 views

Parsing borsh messages with ZST which are not-copy/clone is unsound

Affected versions of borsh cause undefined behavior when zero-sized-types ZST are parsed and the Copy/Clone traits are not implemented/derived. For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy this can be achieved through a singleton, then accessing/writing to...

6.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2021/12/07 12:0 p.m.•24 views

Incorrect Lifetime Bounds on Closures in `rusqlite`

The lifetime bound on several closure-accepting rusqlite functions specifically, functions which register a callback to be later invoked by SQLite was too relaxed. If a closure referencing borrowed values on the stack is was passed to one of these functions, it could allow Rust code to access...

7.5CVSS2.9AI score0.0118EPSS
Exploits7Affected Software1
RustSec
RustSec
•added 2021/10/22 12:0 p.m.•24 views

sodiumoxide is deprecated

Alternatives may be found - not in any specific order: - libsodium-sys-stable - dryoc - RustCrypto/nacl-compat cryptobox, cryptokx, cryptosecretstream - RustCrypto/xsalsa20poly1305 cryptosecretbox - Signatory - ed25519-compact - ed25519-dalek - ring Recommendations can be also found from: - Aweso...

1.7AI score
Exploits0
RustSec
RustSec
•added 2021/07/15 12:0 p.m.•24 views

Uncontrolled Search Path Element in sharkdp/bat

bat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution...

7.8CVSS2.8AI score0.00356EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/06/12 12:0 p.m.•24 views

`grep-cli` may run arbitrary executables on Windows

On Windows in versions of grep-cli prior to 0.1.6, it's possible for some of the routines to execute arbitrary executables. In particular, a quirk of the Windows process execution API is that it will automatically consider the current directory before other directories when resolving relative...

9.8CVSS3.5AI score0.01934EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/03/01 12:0 p.m.•24 views

Deserializing an array can drop uninitialized memory on panic

The readbytesdefaultle function for T; n arrays, used to deserialize arrays of T from bytes created a T; n array with std::mem::uninitialized and then called T's deserialization method. If T's deserialization method panicked, the uninitialized memory could drop invalid objects. This flaw was...

9.8CVSS2.7AI score0.01167EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/02/24 12:0 p.m.•24 views

swap_index can write out of bounds and return uninitialized memory

swapindex takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swapindex creates a...

7.5CVSS3.8AI score0.009EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/02/12 12:0 p.m.•24 views

Incorrect check on buffer length when seeding RNGs

Summary: randcore::le::readu32into and readu64into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled. Implications: some downstream RNGs, including Hc128Rng but not the more widely used ChaChaRng, allow seeding using the SeedableRng::fromseed...

9.8CVSS2.2AI score0.01243EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/20 12:0 p.m.•24 views

Soundness issues in `raw-cpuid`

Undefined behavior in asstring methods VendorInfo::asstring, SoCVendorBrand::asstring, and ExtendedFunctionInfo::processorbrandstring construct byte slices using std::slice::fromrawparts, with data coming from reprRust structs. This is always undefined behavior. See...

7.5CVSS0.8AI score0.01261EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/20 12:0 p.m.•24 views

QueryInterface should call AddRef before returning pointer

Affected version of this crate, which is a required dependency in com-impl, provides a faulty implementation of the IUnknown::QueryInterface method. QueryInterface implementation must call IUnknown::AddRef before returning the pointer, as describe in this documentation: As it is not incrementing...

7.5CVSS1.7AI score0.01053EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/12/21 12:0 p.m.•24 views

Update unsound DrainFilter and RString::retain

Affected versions of this crate contained code from the Rust standard library that contained soundness bugs rust-lang/rust60977 double drop & rust-lang/rust78498 create invalid utf-8 string. The flaw was corrected in v0.9.1 by making a similar fix to the one made in the Rust standard library...

7.5CVSS2.9AI score0.01413EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/18 12:0 p.m.•24 views

SyncRef's clone() and debug() allow data races

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...

8.1CVSS2.8AI score0.01059EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/08 12:0 p.m.•24 views

ImageChunkMut needs bounds on its Send and Sync traits

In the affected versions of this crate, ImageChunkMut unconditionally implements Send and Sync, allowing to create data races. This can result in a memory corruption or undefined behavior when non thread-safe types are moved and referenced across thread boundaries. The flaw was corrected in commi...

7CVSS1.9AI score0.00344EPSS
Exploits1Affected Software1
Total number of security vulnerabilities1141