Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
added 2026/06/05 12:0 p.m.19 views

Possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`

Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...

5.7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/04 12:0 p.m.19 views

`pqcrypto-mlkem` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to ML-KEM FIPS 203 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/05/08 12:0 p.m.19 views

`InterfaceAccount` allows account substitution between unexpected types

Affected versions of anchor-lang allowed InterfaceAccount to accept accounts with an unexpected Anchor discriminator. A change to InterfaceAccount caused checked deserialization to be bypassed for this account wrapper, so validation proved only that the account owner matched one of the accepted...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/03/10 12:0 p.m.19 views

`chrono_anchor` was removed from crates.io due to malicious code

The chronoanchor crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-04 approximately 6 days before removal and had no evidence of actual downloads. There were no crates...

5.8AI score
Exploits0
RustSec
RustSec
added 2025/02/10 12:0 p.m.19 views

totally-safe-transmute allows transmuting any type to any other type in safe Rust

This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...

7AI score
Exploits0
RustSec
RustSec
added 2025/02/10 12:0 p.m.19 views

cve-rs introduces memory vulnerabilities in safe Rust

This crate is a joke and should never be used. cve-rs provides demonstrations of common memory vulnerabilities such as buffer overflows and segfaults implemented completely within safe Rust. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc:...

7.4AI score
Exploits0
RustSec
RustSec
added 2024/10/07 12:0 p.m.19 views

paste - no longer maintained

The creator of the crate paste has stated in the README.md that this project is not longer maintained as well as archived the repository Possible Alternatives - pastey: a fork of paste and is aimed to be a drop-in replacement with additional features for paste crate - withbuiltinmacros: crate...

5.9AI score
Exploits0
RustSec
RustSec
added 2023/02/25 12:0 p.m.19 views

Ascii allows out-of-bounds array indexing in safe code

Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...

4.5AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/02/24 12:0 p.m.19 views

Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

The removedirall crate is a Rust library that offers additional features over the Rust standard library fs::removedirall function. It was possible to trick a privileged process doing a recursive delete in an attacker controlled directory into deleting privileged files, on all operating systems. F...

0.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2022/10/30 12:0 p.m.19 views

Denial of Service from unchecked request length

Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request. In version 0.4.2,...

7.5CVSS3.3AI score0.00689EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2022/07/30 12:0 p.m.19 views

Post-Quantum Key Encapsulation Mechanism SIKE broken

Wouter Castryck and Thomas Decru presented an efficient key recovery attack on the SIDH protocol. As a result, the secret key of SIKEp751 can be recovered in a matter of hours. The SIKE and SIDH schemes will be removed from oqs 0.7.2. The affected schemes are the oqs::kem::Algorithm::Sike and...

2.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2022/05/10 12:0 p.m.19 views

`SegQueue` creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

3.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2022/02/05 12:0 p.m.19 views

Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64

Impact Affected versions of this crate incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a 32-bit target can be smaller than AtomicI,U64. This can cause the following problems: - Unaligned memory accesses - Data race Crates usin...

8.1CVSS1AI score0.01239EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/09/08 12:0 p.m.19 views

Miscomputed results when using AVX2 backend

The v0.9.7 release of the sha2 crate introduced a new AVX2-accelerated backend which was automatically enabled for all x86/x8664 CPUs where AVX2 support was autodetected at runtime. This backend was buggy and would miscompute results for long messages i.e. messages spanning multiple SHA blocks. T...

9.8CVSS2.2AI score0.00805EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/08/15 12:0 p.m.19 views

serde_cbor is unmaintained

The serdecbor crate is unmaintained. The author has archived the github repository. Alternatives proposed by the author: ciborium minicbor...

2.3AI score
Exploits0
RustSec
RustSec
added 2021/07/30 12:0 p.m.19 views

Partial read is incorrect in molecule

Anyone who uses totalsize.. function to partial read the length of any FixVec will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release...

9.8CVSS2.6AI score0.01318EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/25 12:0 p.m.19 views

Process crashes when the cell used as DepGroup is not alive

It's easy to create a malign transaction which uses the dead cell as the DepGroup in the DepCells. The transaction can crash all the receiving nodes...

7.8CVSS2AI score0.01088EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/12 12:0 p.m.19 views

Relative Path Traversal in git-delta

git-delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...

7.8CVSS4.6AI score0.00422EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/07 12:0 p.m.19 views

Lenient `hyper` header parsing of `Content-Length` could allow request smuggling

hyper's HTTP header parser accepted, according to RFC 7230, illegal contents inside Content-Length headers. Due to this, upstream HTTP proxies that ignore the header may still forward them along if it chooses to ignore the error. To be vulnerable, hyper must be used as an HTTP/1 server and using ...

5.3CVSS0.3AI score0.00886EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/05/27 12:0 p.m.19 views

Permissions bypass in pleaser

pleaseedit in pleaser before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack...

7.8CVSS3.9AI score0.00468EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/05/07 12:0 p.m.19 views

anymap is unmaintained.

The anymap crate does not appear to be maintained, and the most recent published version 0.12.1 includes a soundness bug. This has been fixed a few years ago, but was never released...

9.8CVSS3.3AI score0.01441EPSS
Exploits1
RustSec
RustSec
added 2021/03/18 12:0 p.m.19 views

Denial of service through parsing payloads with too big exponent

The parseduration::parse function allows for parsing duration strings with exponents like 5e5s where under the hood, the BigInt type along with the pow function are used for such payloads. Passing an arbitrarily big exponent makes the parseduration::parse function to process the payload for a ver...

7.5CVSS3.9AI score0.00973EPSS
Exploits0
RustSec
RustSec
added 2021/03/05 12:0 p.m.19 views

Fix a use-after-free bug in diesels Sqlite backend

We've misused sqlite3columnname. The SQLite documentation states that the following: The returned string pointer is valid until either the prepared statement is destroyed by sqlite3finalize or until the statement is automatically reprepared by the first call to sqlite3step for a particular run or...

9.8CVSS2.1AI score0.01319EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/02/19 12:0 p.m.19 views

Multiple memory safety issues in insert_row

When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...

9.8CVSS1.6AI score0.01167EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/02/03 12:0 p.m.19 views

insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

5.3CVSS3AI score0.01359EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/01/03 12:0 p.m.19 views

'Read' on uninitialized memory may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. The crate currently contains 4 occurrences of such cases. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes...

9.8CVSS3AI score0.01191EPSS
Exploits0
RustSec
RustSec
added 2020/12/31 12:0 p.m.19 views

InputStream::read_exact : `Read` on uninitialized buffer causes UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS3.8AI score0.01191EPSS
Exploits0
RustSec
RustSec
added 2020/12/08 12:0 p.m.19 views

ArcGuard's Send and Sync should have bounds on RC

Affected versions of this crate implement Send/Sync for ArcGuard with no trait bounds on RC. This allows users to send RC: !Send to other threads and also allows users to concurrently access Rc: !Sync from multiple threads. This can result in memory corruption from data race or other undefined...

8.1CVSS3.1AI score0.00766EPSS
Exploits0
RustSec
RustSec
added 2020/11/16 12:0 p.m.19 views

Singleton lacks bounds on Send and Sync.

Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...

8.1CVSS1.4AI score0.00766EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2020/11/13 12:0 p.m.19 views

`miow` invalidly assumes the memory layout of std::net::SocketAddr

The miow crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...

5.5CVSS3.4AI score0.00387EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2020/11/07 12:0 p.m.19 views

`net2` invalidly assumes the memory layout of std::net::SocketAddr

The net2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...

2.7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2020/09/03 12:0 p.m.19 views

Memory safety issues in `compact::Vec`

compact::Vec contains multiple memory safety issues. 1. It mishandles large capacity and causes out-of-bound access in 32-bit / allocator layout mismatch in 64-bit. 2. remove is not panic-safe and causes double-free when an index larger than the length is provided...

7.5CVSS3.1AI score0.0139EPSS
Exploits1
RustSec
RustSec
added 2020/06/23 12:0 p.m.19 views

linked-hash-map creates uninitialized NonNull pointer

Affected versions of this crate called mem::uninitialized to create a NonNull, which is undefined behavior. The flaw was corrected by avoiding the use of mem::uninitialized...

9.8CVSS3.5AI score0.01777EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2020/06/02 12:0 p.m.19 views

Improper Synchronization and Race Condition in vm-memory

rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service loss of IP networking because readobj and writeobj do not properly access memory. This affects aarch64 with musl or glibc and x8664 with musl...

7.5CVSS5.7AI score0.01599EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2020/06/01 12:0 p.m.19 views

traitobject assumes the layout of fat pointers

This crate gets the data pointer from fat pointers assuming that the first element in a fat pointer is the data pointer. This is currently true, but it may change in a future Rust version, leading to memory corruption. This has been fixed in the master branch of the crate, but is has not been...

9.8CVSS3.7AI score0.0171EPSS
Exploits1
RustSec
RustSec
added 2020/05/19 12:0 p.m.19 views

tokio-rustls reads may cause excessive memory usage

tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wantsread always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS...

7.5CVSS2.2AI score0.01336EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2020/04/23 12:0 p.m.19 views

Various memory safety issues

Several memory safety issues have been uncovered in an audit of rusqlite. See https://github.com/rusqlite/rusqlite/releases/tag/0.23.0 for a complete list...

9.8CVSS1.5AI score0.0173EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2020/04/23 12:0 p.m.19 views

Library exclusively intended to obfuscate code.

This crate allows you to write safe functions with unsafe bodies without the unsafe keyword. The value this adds is questionable, and hides unsafe usages from naive analysis...

2.1AI score
Exploits0
RustSec
RustSec
added 2020/03/27 12:0 p.m.19 views

use-after or double free of allocated memory

Conversion of BitVec to BitBox did not account for allocation movement. The flaw was corrected by using the address after resizing, rather than the original base address...

9.8CVSS3.5AI score0.01629EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2019/09/01 12:0 p.m.19 views

Use-after-free in buffer conversion implementation

The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior. A fix was published in version 0.1.3...

9.8CVSS3.6AI score0.01634EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2019/07/04 12:0 p.m.19 views

MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code

Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in MultiDecoder::read and reverted it to the original value after the function completed. However, execution of MultiDecoder::read could be interrupted by a panic in caller-suppli...

9.8CVSS3.1AI score0.02458EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2019/06/06 12:0 p.m.19 views

Double-free and use-after-free in SmallVec::grow()

Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow...

9.8CVSS2.3AI score0.01862EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2018/11/27 12:0 p.m.19 views

Vec-to-vec transmutations could lead to heap overflow/corruption

Affected versions of this crate switched the length and capacity arguments in the Vec::fromrawparts constructor, which could lead to memory corruption or data leakage. The flaw was corrected by using the constructor correctly...

9.8CVSS2.8AI score0.02032EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2018/08/22 12:0 p.m.19 views

Use of uninitialized memory in temporary

Uninit memory is used as a RNG seed in temporary The following function is used as a way to get entropy from the system, which does operations on and exposes uninit memory, which is UB. rust fn randomseed: &Path, : &str - u64; 2 use std::mem::uninitialized as rand; unsafe rand:: ^ 0x12345678,...

1.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2018/06/15 12:0 p.m.19 views

Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods

Affected versions contained a pair of use-after-free issues with the objects returned by the getformatinfo and getcontext methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference...

3.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2018/06/08 12:0 p.m.19 views

Multiple memory safety issues

Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...

9.8CVSS2AI score0.01324EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2017/05/03 12:0 p.m.19 views

Integer overflow leads to heap-based buffer overflow in encode_config_buf

Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encodeconfigbuf and encodeconfig functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this...

9.8CVSS3.7AI score0.01534EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2016/09/10 12:0 p.m.19 views

libusb is unmaintained; use rusb instead

The libusb crate has not seen a release since September 2016, and its author is unresponsive. The rusb crate is a maintained fork: https://github.com/a1ien/rusb...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/04 12:0 p.m.18 views

`pqcrypto-falcon` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to the Falcon FN-DSA signature scheme via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As ...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/05/29 12:0 p.m.18 views

Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms

On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...

6.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141