Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
•added 2020/05/11 12:0 p.m.•21 views

rio allows a use-after-free buffer access when a future is leaked

When a rio::Completion is leaked, its drop code will not run. The drop code is responsible for waiting until the kernel completes the I/O operation into, or out of, the buffer borrowed by rio::Completion. Leaking the struct will allow one to access and/or drop the buffer, which can lead to a...

9.8CVSS3.1AI score0.01541EPSS
Exploits0
RustSec
RustSec
•added 2020/05/07 12:0 p.m.•21 views

bigint is unmaintained, use uint instead

The bigint crate is not maintained any more and contains several known bugs including a soundness bug; use uint instead...

9.8CVSS2AI score0.01515EPSS
Exploits0
RustSec
RustSec
•added 2020/01/30 12:0 p.m.•21 views

Use-after-free in Framed due to lack of pinning

Affected versions of this crate did not require the buffer wrapped in Framed to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free. The flaw was corrected by making the affected functions accept Pin instead of &mut self...

9.8CVSS4.2AI score0.01629EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/01/24 12:0 p.m.•21 views

sigstack allocation bug can cause memory corruption or leak

An embedding using affected versions of lucet-runtime configured to use non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode without optimizations, could leak data from the signal handler stack to guest programs. This can potentially cause data from the embedding host to le...

9.1CVSS1.1AI score0.01505EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/11/16 12:0 p.m.•21 views

HeaderMap::Drain API is unsound

Affected versions of this crate incorrectly used raw pointer, which introduced unsoundness in its public safe API. Failing to drop the Drain struct causes double-free, and it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation. The flaw was corrected ...

9.8CVSS2.4AI score0.01812EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/11 12:0 p.m.•21 views

generichash::Digest::eq always return true

PartialEq implementation for generichash::Digest has compared itself to itself. Digest::eq always returns true and Digest::ne always returns false...

9.8CVSS2.3AI score0.01484EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/04/19 12:0 p.m.•21 views

Unaligned memory access

Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. The flaw was corrected by Ralf Jung and Diggory Hardy...

9.8CVSS3.8AI score0.01545EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/09/17 12:0 p.m.•21 views

Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth. Note: clap 2.33 is not...

7.5CVSS3.9AI score0.01411EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/07/19 12:0 p.m.•21 views

Possible double free during unwinding in SmallVec::insert_many

If an iterator passed to SmallVec::insertmany panicked in Iterator::next, destructors were run during unwinding while the vector was in an inconsistent state, possibly causing a double free a destructor running on two copies of the same value. This is fixed in smallvec 0.6.3 by ensuring that the...

9.8CVSS2.2AI score0.01798EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2017/03/15 12:0 p.m.•21 views

Hostname verification skipped when custom root certs used

If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...

5.3CVSS1.2AI score0.00654EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2016/05/09 12:0 p.m.•21 views

HTTPS MitM vulnerability due to lack of hostname verification

When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by preventing any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...

5.8CVSS2.3AI score0.00738EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/05/21 12:0 p.m.•20 views

WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph For more information see the GitHub-hosted security advisory...

7.5CVSS5.8AI score0.00357EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•20 views

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

6.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/09/19 12:0 p.m.•20 views

`tauri` filesystem scope partial bypass

A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities. This PR fixes the issue by escaping glob characters...

4.7CVSS4.7AI score0.00421EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/11 12:0 p.m.•20 views

wee_alloc is Unmaintained

Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years...

2AI score
Exploits0
RustSec
RustSec
•added 2022/01/19 12:0 p.m.•20 views

Space bug in `clean_text`

An incorrect mapping from HTML specification to ASCII codes was used. Because HTML treats the Form Feed as whitespace, code like this has an injection bug: let html = format!"", cleantextusersuppliedstring; Applications are not affected if they quote their attributes, or if they don't use cleante...

1.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2021/07/25 12:0 p.m.•20 views

Remote memory exhaustion in ckb

In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...

7.8CVSS1.5AI score0.01466EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/07/13 12:0 p.m.•20 views

libsecp256k1 allows overflowing signatures

libsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified. The error is resolved in 0.5.0 by adding a checkoverflow flag...

9.8CVSS4.1AI score0.00935EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/07/08 12:0 p.m.•20 views

Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems

Versions 0.2.0 to 0.3.0 of ark-r1cs-std did not enforce any constraints in the FieldVar::mulbyinverse method, allowing a malicious prover to produce an unsound proof that passes all verifier checks. This method was used primarily in scalar multiplication for shortweierstrass::ProjectiveVar. This...

9.8CVSS4.8AI score0.01275EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/03/07 12:0 p.m.•20 views

'merge_sort::merge()' crashes with double-free for `T: Drop`

In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause double free bugs...

7.5CVSS3.4AI score0.00961EPSS
Exploits0
RustSec
RustSec
•added 2021/03/06 12:0 p.m.•20 views

Multiple memory safety issues

Affected versions contain multiple memory safety issues, such as: - Setting a multi label type where an image doesn't exist would lead to a NULL pointer dereference. - Setting a window icon using a non-raster image which FLTK rasterizes lazily would lead to a NULL dereference. - Pixmap constructo...

9.1CVSS1.4AI score0.01278EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/02/17 12:0 p.m.•20 views

PartialReader passes uninitialized memory to user-provided Read

Affected versions of this crate passed an uniniitalized buffer to a user-provided Read instance in PartialReader::read. This can result in safe Read implementations reading from the uninitialized buffer leading to undefined behavior. The flaw was fixed in commit 39d62c6 by zero-initializing the...

7.5CVSS5.4AI score0.009EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/12 12:0 p.m.•20 views

panic safety: double drop or uninitialized drop of T upon panic

Affected versions of this crate did not guard against potential panics that may happen from user-provided functions T::default and T::drop. Panic within T::default leads to dropping uninitialized T, when it is invoked from common::Slice::::new. Panic within T::drop leads to double drop of T, when...

2.5AI score
Exploits0
RustSec
RustSec
•added 2021/01/03 12:0 p.m.•20 views

`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS3.7AI score0.01191EPSS
Exploits0
RustSec
RustSec
•added 2020/12/10 12:0 p.m.•20 views

Aovec<T> lacks bound on its Send and Sync traits allowing data races

aovec::Aovec is a vector type that implements Send and Sync for all types T. This allows non-Send types such as Rc and non-Sync types such as Cell to be used across thread boundaries which can trigger undefined behavior and memory corruption...

7CVSS2.7AI score0.00285EPSS
Exploits0
RustSec
RustSec
•added 2020/11/15 12:0 p.m.•20 views

Queue<T> should have a Send bound on its Send/Sync traits

Affected versions of this crate unconditionally implements Send/Sync for Queue. This allows 1 creating data races to a T: !Sync and 2 sending T: !Send to other threads, resulting in memory corruption or other undefined behavior...

8.1CVSS3.8AI score0.01098EPSS
Exploits1
RustSec
RustSec
•added 2020/11/11 12:0 p.m.•20 views

Argument injection in sendmail transport

Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged to addresses, to pass arbitrary arguments to the sendmail executable. Depending on the implementation original sendmail, postfix, exim, etc. it could be possible in some cases to write...

5.3CVSS3.6AI score0.01503EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/11/10 12:0 p.m.•20 views

ReaderResult should be bounded by Sync

Affected versions of this crate implements Sync for ReaderResult with the trait bound T: Send, E: Send. Since matching on the public enum ReaderResult provides access to &T & &E, allowing data race to a non-Sync type T or E. This can result in a memory corruption when multiple threads concurrentl...

8.1CVSS1.1AI score0.00833EPSS
Exploits1
RustSec
RustSec
•added 2020/11/10 12:0 p.m.•20 views

`Shared` can cause a data race

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

8.1CVSS1.4AI score0.01098EPSS
Exploits1
RustSec
RustSec
•added 2020/11/09 12:0 p.m.•20 views

TreeFocus lacks bounds on its Send and Sync traits

Affected versions of im contains TreeFocus that unconditionally implements Send and Sync. This allows a data race in safe Rust code if TreeFocus is extracted from Focus type. Typical users that only use Focus type are not affected...

4.7CVSS4AI score0.00332EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/09/26 12:0 p.m.•20 views

array_queue pop_back() may cause a use-after-free

arrayqueue implements a circular queue that wraps around an array. However, it fails to properly index into the array in the popback function allowing the reading of previously dropped or uninitialized memory...

5.5CVSS3.3AI score0.00425EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/09/21 12:0 p.m.•20 views

Unsafe Send implementation in Atom allows data races

The atom crate contains a security issue revolving around its implementation of the Send trait. It incorrectly allows any arbitrary type to be sent across threads potentially leading to use-after-free issues through memory races...

4.7CVSS3.7AI score0.00196EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/08/25 12:0 p.m.•20 views

Chunk API does not respect align requirement

Chunk API does not respect the align requirement of types. Unaligned reference can be created with the API, which is an undefined behavior...

7.5CVSS1.8AI score0.00915EPSS
Exploits0
RustSec
RustSec
•added 2020/08/25 12:0 p.m.•20 views

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

arr crate contains multiple security issues. Specifically, 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary. 2. Index and IndexMut implementation does not check the array bound. 3. Array::newfromtemplate drops uninitialized memo...

9.8CVSS3.6AI score0.01515EPSS
Exploits0
RustSec
RustSec
•added 2020/07/09 12:0 p.m.•20 views

Improper uniqueness verification of signature threshold

The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...

9.8CVSS1.5AI score0.00979EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/06/14 12:0 p.m.•20 views

Allows viewing and modifying arbitrary structs as bytes

Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so. Safety violation possible for a type wrapped in RGB and similar wrapper structures: If...

9.1CVSS4.2AI score0.01595EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/05/31 12:0 p.m.•20 views

Double free when calling `sys_info::disk_info` from multiple threads

Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment. This results in consistent...

9.8CVSS1.8AI score0.0123EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/05/01 12:0 p.m.•20 views

`net2` crate has been deprecated; use `socket2` instead

The net2 crate has been deprecated and users are encouraged to considered socket2 instead...

2.3AI score
Exploits0
RustSec
RustSec
•added 2020/01/22 12:0 p.m.•20 views

Observable Discrepancy in libsecp256k1-rs

A timing vulnerability in the Scalar::checkoverflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack...

5.9CVSS3.9AI score0.00881EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/01/06 12:0 p.m.•20 views

Stack overflow when resolving additional records from MX or SRV null targets

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'. Example effected zone record: text no-service...

7.5CVSS1.8AI score0.01439EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/11/21 12:0 p.m.•20 views

crust repo has been archived; use libp2p instead

The crust crate repo was archived with no warning or explanation. Given that it was archived with no warning or successor, there's not an official replacement but rust-libp2p looks like it's got a similar feature set and is actively maintained...

2.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2019/09/14 12:0 p.m.•20 views

Stream callback function is not unwind safe

Affected versions of this crate is not panic safe within callback functions streamcallback and streamfinishedcallback. The call to user-provided closure might panic before a mem::forget call, which then causes a use after free that grants attacker to control the callback function pointer. This...

9.8CVSS5.3AI score0.02506EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/09/06 12:0 p.m.•20 views

fix unsound APIs that could lead to UB

Affected versions of this crate API could use uninitialized memory with some APIs in special cases, like use the API in none generator context. This could lead to UB. The flaw was corrected by This patch fixes all those issues above...

7.8CVSS2.6AI score0.01635EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/08/25 12:0 p.m.•20 views

HMAC-BLAKE2 algorithms compute incorrect results

When used in conjunction with the Hash-based Message Authentication Code HMAC, the BLAKE2b and BLAKE2s implementations in blake2 crate versions prior to v0.8.1 used an incorrect block size 32-bytes instead of 64-bytes for BLAKE2s, and 64-bytes instead of 128-bytes for BLAKE2b, causing them to...

9.8CVSS2.9AI score0.00933EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/24 12:0 p.m.•20 views

Flaw in string parsing can lead to crashes due to invalid memory access.

The affected version of this crate did not guard against accessing memory beyond the range of its input data. A pointer cast to read the data into a 256-bit register could lead to a segmentation fault when the end plus the 32 bytes 256 bit read would overlap into the next page during string...

7.5CVSS2.8AI score0.01398EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/13 12:0 p.m.•20 views

Processing of maliciously crafted length fields causes memory allocation SIGABRTs

Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks. This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide. The flaw w...

7.5CVSS4AI score0.01382EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/05/07 12:0 p.m.•20 views

Bug in SliceDeque::move_head_unchecked corrupts its memory

Affected versions of this crate entered a corrupted state if mem::sizeof:: % allocationgranularity != 0 and a specific allocation pattern was used: sufficiently shifting the deque elements over the mirrored page boundary. This allows an attacker that controls controls both element insertion and...

9.8CVSS2.4AI score0.01611EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/04/27 12:0 p.m.•20 views

Uncontrolled recursion leads to abort in HTML serialization

Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...

7.5CVSS3.8AI score0.01411EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/12/22 12:0 p.m.•20 views

Possible use-after-free with `proplist::Iterator`

Affected versions contained a possible use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the Proplist object for which it was created. This made it possible for users, without experiencing a compiler error/warnin...

6.5CVSS3.3AI score0.00988EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2017/04/17 12:0 p.m.•20 views

lz4-compress is unmaintained

According to the developers this crate is no longer maintained. The suggested alternative is lz4-compression, a maintained fork of lz4-compress. See also lz-fear which is compatible with the reference LZ4 implementation in C, but not with lz4-compress...

3AI score
Exploits0
Total number of security vulnerabilities1141