Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
•added 2020/11/10 12:0 p.m.•24 views

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

7.5CVSS3AI score0.0136EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/11/10 12:0 p.m.•24 views

Potential segfault in `localtime_r` invocations

Impact Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library...

5.3CVSS3.6AI score0.01881EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/08/20 12:0 p.m.•24 views

StrcCtx deallocates a memory region that it doesn't own

StrcCtx deallocate a memory region that it doesn't own when StrcCtx is created without using StrcCtx::new. This can introduce memory safety issues such as double-free and use-after-free to client programs...

9.8CVSS2.9AI score0.01515EPSS
Exploits0
RustSec
RustSec
•added 2020/07/04 12:0 p.m.•24 views

Ozone contains several memory safety issues

Ozone contains several memory safety issues including out-of-bound access and dropping of uninitialized memory...

3.1AI score
Exploits0
RustSec
RustSec
•added 2020/06/16 12:0 p.m.•24 views

HTTP Request smuggling through malformed Transfer Encoding headers

HTTP pipelining issues and request smuggling attacks are possible due to incorrect Transfer encoding header parsing. It is possible conduct HTTP request smuggling attacks CL:TE/TE:TE by sending invalid Transfer Encoding headers. By manipulating the HTTP response the attacker could poison a...

6.5CVSS1.3AI score0.01065EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/08/24 12:0 p.m.•24 views

Cloned interners may read already dropped strings

Affected versions of this crate did not clone contained strings when an interner is cloned. Interners have raw pointers to the contained strings, and they keep pointing the strings which the old interner owns, after the interner is cloned. If a new cloned interner is alive and the old original...

7.5CVSS2.1AI score0.01547EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/07/19 12:0 p.m.•24 views

Memory corruption in SmallVec::grow()

Attempting to call grow on a spilled SmallVec with a value less than the current capacity causes corruption of memory allocator data structures. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution. Credits to @ehuss for...

9.8CVSS3.1AI score0.02144EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/08 12:0 p.m.•24 views

Out of Memory in stream::read_raw_bytes_into()

Affected versions of this crate called Vec::reserve on user-supplied input. This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data...

7.5CVSS5.6AI score0.03764EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/10/09 12:0 p.m.•24 views

Stack overflow when parsing malicious DNS packet

There's a stack overflow leading to a crash when Trust-DNS's parses a malicious DNS packet. Affected versions of this crate did not properly handle parsing of DNS message compression RFC1035 section 4.1.4. The parser could be tricked into infinite loop when a compression offset pointed back to th...

7.5CVSS3.6AI score0.01411EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/06/29 12:0 p.m.•24 views

Links in archives can overwrite any existing file

When unpacking a tarball with the unpackin-family of functions it's intended that only files within the specified directory are able to be written. Tarballs with hard links or symlinks, however, can be used to overwrite any file on the filesystem. Tarballs can contain multiple entries for the sam...

7.5CVSS0.2AI score0.01676EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2017/01/23 12:0 p.m.•24 views

headers containing newline characters can split messages

Serializing of headers to the socket did not filter the values for newline bytes \r or \n, which allowed for header values to split a request or response. People would not likely include newlines in the headers in their own applications, so the way for most people to exploit this is if an...

5.3CVSS3AI score0.01033EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2016/09/06 12:0 p.m.•24 views

rust-crypto is unmaintained; switch to a modern alternative

The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate with hyphen should not be confused with similarly named new RustCrypto GitHub Org without hyphen. The GitHub Org is actively maintained. We recommend you switc...

1.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/04/23 12:0 p.m.•23 views

`sui-execution-cut` was removed from crates.io for malicious code

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

5.8AI score
Exploits0
RustSec
RustSec
•added 2025/02/10 12:0 p.m.•23 views

totally-safe introduces memory vulnerabilities in safe Rust

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

7.1AI score
Exploits0
RustSec
RustSec
•added 2022/01/05 12:0 p.m.•23 views

lmdb is unmaintained, use lmdb-rkv instead

The lmdb crate hasn't had any updates since August 2018. Mozilla's lmdb-rkv fork of the crate has received additional maintenance work beyond that and is the best available replacement...

1.8AI score
Exploits0
RustSec
RustSec
•added 2021/12/05 12:0 p.m.•23 views

`encoding` is unmaintained

Last release was on 2016-08-28. The issue inquiring as to the status of the crate has gone unanswered by the maintainer. Possible alternatives - encodingrs...

2.2AI score
Exploits0
RustSec
RustSec
•added 2021/10/17 12:0 p.m.•23 views

abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...

7.5CVSS1.2AI score0.00972EPSS
Exploits0
RustSec
RustSec
•added 2021/09/24 12:0 p.m.•23 views

`#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Affected versions of this crate did not implement Drop when zeroizedrop was used on an enum. This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute. The flaw was corrected in version 1.2 and zeroizedrop on enums now properly...

9.8CVSS3.7AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/06/01 12:0 p.m.•23 views

`mopa` is technically unsound

The mopa crate redefines the deprecated TraitObject struct from core::raw like so: rust reprC deriveCopy, Clone dochidden pub struct TraitObject pub data: mut , pub vtable: mut , This is done to then transmute a reference to a trait object &dyn Trait for any trait Trait into this struct and...

9.8CVSS0.4AI score0.01646EPSS
Exploits0
RustSec
RustSec
•added 2021/05/19 12:0 p.m.•23 views

Soundness issue in `iced-x86` versions <= 1.10.3

Versions of iced-x86...

9.8CVSS2.1AI score0.01275EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/02/17 12:0 p.m.•23 views

`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS3.6AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/31 12:0 p.m.•23 views

split_at allows obtaining multiple mutable references to the same data

Affected versions of this crate assumed that Borrow was guaranteed to return the same value on .borrow. The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow implementation returned a different index, the split arena would allow retrieving the index as a...

9.8CVSS3.1AI score0.01377EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/26 12:0 p.m.•23 views

insert_many can drop elements twice on panic

Affected versions of insertmany used ptr::copy to move over items in a vector to make space before inserting, duplicating their ownership. It then iterated over a provided Iterator to insert the new items. If the iterator's .next method panics then the vector would drop the same elements twice...

7.5CVSS4.2AI score0.01135EPSS
Exploits1
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•23 views

columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation ColumnarReadExt::readtypedvec. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading...

9.8CVSS3.2AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/04 12:0 p.m.•23 views

EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...

7.5CVSS2.9AI score0.01327EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/01 12:0 p.m.•23 views

Exposes internally used raw pointer

Affected versions of this crate dereference a raw pointer that can be modified without using unsafe code...

7.5CVSS3.4AI score0.01397EPSS
Exploits1
RustSec
RustSec
•added 2020/12/22 12:0 p.m.•23 views

`Demuxer` can carry non-Send types across thread boundaries

In the affected versions of this crate, Demuxer unconditionally implemented Send with no trait bounds on T. This allows sending a non-Send type T across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread that didn't lock the mutex, or memory corruption from...

5.9CVSS2.7AI score0.00801EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/18 12:0 p.m.•23 views

ImmediateIO and TransactionalIO can cause data races

The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...

5.9CVSS3.7AI score0.00978EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/11/15 12:0 p.m.•23 views

SyncChannel<T> can move 'T: !Send' to other threads

Affected versions of this crate unconditionally implement Send/Sync for SyncChannel. SyncChannel doesn't provide access to &T but merely serves as a channel that consumes and returns owned T. Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs...

8.1CVSS3.9AI score0.00766EPSS
Exploits0
RustSec
RustSec
•added 2020/09/24 12:0 p.m.•23 views

Missing check in ArrayVec leads to out-of-bounds write.

ArrayVec::insert allows insertion of an element into the array object into the specified index. Due to a missing check on the upperbound of this index, it is possible to write out of bounds...

10CVSS3.2AI score0.01844EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/09/03 12:0 p.m.•23 views

`index()` allows out-of-bound read and `remove()` has off-by-one error

Slab::index does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop...

9.1CVSS3.3AI score0.0151EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/08/18 12:0 p.m.•23 views

Missing sanitization in mozwire allows local file overwrite of files ending in .conf

The client software downloaded a list of servers from mozilla's servers and created local files named after the hostname field in the json document. No verification of the content of the string was made, and it could therefore have included '../' leading to path traversal. This allows an attacker...

9.1CVSS3AI score0.01507EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/06/26 12:0 p.m.•23 views

Undefined Behavior in bounded channel

The affected version of this crate's the bounded channel incorrectly assumes that Vec::fromiter has allocated capacity that same as the number of iterator elements. Vec::fromiter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec...

9.8CVSS2AI score0.02776EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/11/16 12:0 p.m.•23 views

Integer Overflow in HeaderMap::reserve() can cause Denial of Service

HeaderMap::reserve used usize::nextpoweroftwo to calculate the increased capacity. However, nextpoweroftwo silently overflows to 0 if given a sufficiently large number in release mode. If the map was not empty when the overflow happens, the library will invoke self.grow0 and start infinite probin...

2.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2019/09/01 12:0 p.m.•23 views

Panic during initialization of Lazy<T> might trigger undefined behavior

If during the first dereference of Lazy the initialization function panics, subsequent dereferences will execute std::hints::unreachableunchecked. Applications with panic = "abort" are not affected, as there will be no subsequent dereferences...

7.5CVSS4.1AI score0.01583EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/07/16 12:0 p.m.•23 views

Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code

Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was correcte...

7.5CVSS3.6AI score0.01751EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/15 12:0 p.m.•23 views

Buffer overflow and format vulnerabilities in functions exposed without unsafe

ncurses exposes functions from the ncurses library which: - Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. instr, mvwinstr, etc - Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a...

9.8CVSS4.7AI score0.01615EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/05/15 12:0 p.m.•23 views

Failure to properly verify ed25519 signatures makes any signature valid

Affected versions of this crate did not properly verify ed25519 signatures. Any signature with a correct length was considered valid. This allows an attacker to impersonate any node identity...

7.5CVSS4.7AI score0.00765EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/06/20 12:0 p.m.•22 views

Unchecked pointer offset in crate `memmap2`

Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of Mmap::uncheckedadviserange, MmapMut::uncheckedadviseranage and MmapMut::flushasyncrange. This can cause undefined behavior due to invalid values being passed to pointer::offset and pointer::add when...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/06/06 12:0 p.m.•22 views

DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths

When using the affected versions of the vibeio-http crate, an attacker could craft a malicious HTTP/1.x request with a large chunk length between usize::MAX - 1 and usize::MAX inclusive and send it, causing the server to crash integer overflow panic in debug builds, splitto out of bounds panic in...

5.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•22 views

`openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/30 12:0 p.m.•22 views

out-of-bounds read possible when setting list-of-pointers

If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow...

5.4CVSS1.2AI score0.00852EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/24 12:0 p.m.•22 views

matrix-sdk 0.6.0 logs access tokens

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans such as tracingsubscribers default text output from the fmt module, these logs will contain the user's access token...

4.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/22 12:0 p.m.•22 views

Slack OAuth Secrets leak in debug logs

Debug log formatting made it possible to leak OAuth secrets into debug logs. The patched version has introduced more strict checks to avoid this...

7.5CVSS2.9AI score0.00739EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/07/25 12:0 p.m.•22 views

Miner fails to get block template when a cell used as a cell dep has been destroyed.

Impact The RPC getblocktemplate fails when a cell has been used as a cell dep and an input in the different transactions. Say cell C is used as a dep group in the transaction A, and is destroyed in the transaction B. The node adds transaction A first, then B into the transaction pool. They are bo...

9.8CVSS0.6AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/07/07 12:0 p.m.•22 views

Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss

When decoding chunk sizes that are too large, hyper's code would encounter an integer overflow. Depending on the situation, this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack. To be vulnerable, you must be using hyper for any HTTP/1 purpose,...

9.1CVSS3AI score0.01133EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/11 12:0 p.m.•22 views

FromIterator implementation for Vector/Matrix can drop uninitialized memory

The FromIterator methods for Vector and Matrix rely on the type parameter N to allocate space in the iterable. If the passed in N type parameter is larger than the number of items returned by the iterator, it can lead to uninitialized memory being left in the Vector or Matrix type which gets...

9.8CVSS3.1AI score0.01326EPSS
Exploits1
RustSec
RustSec
•added 2021/01/06 12:0 p.m.•22 views

`Sectors::get` accesses unclaimed/uninitialized memory

Affected versions of this crate arbitrarily calls Vec::setlen to increase length of a vector without claiming more memory for the vector. Affected versions of this crate also calls user-provided Read on the uninitialized memory of the vector that was extended with Vec::setlen. This can overwrite...

9.8CVSS3AI score0.01728EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/05 12:0 p.m.•22 views

`Read` on uninitialized memory may cause UB (fn preamble_skipcount())

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation within fn preambleskipcount. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading fro...

9.8CVSS3.6AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/04 12:0 p.m.•22 views

XSS in mdBook's search page

This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

8.2CVSS3.1AI score0.01254EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1141