Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
•added 2025/09/11 12:0 p.m.•18 views

serde_yml crate is unsound and unmaintained

Using serdeyml::ser::Serializer.emitter can cause a segmentation fault, which is unsound. The GitHub project for serdeyml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. Recommended alternatives -...

7AI score
Exploits0
RustSec
RustSec
•added 2023/03/19 12:0 p.m.•18 views

NULL pointer dereference in `stb_image`

A bug in error handling in the stbimage C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stbimage Rust crate, by patching the C code to correctly handle NULL pointers. Thank you to GitHub...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/04 12:0 p.m.•18 views

`maligned::align_first` causes incorrect deallocation

maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...

2.2AI score
Exploits0
RustSec
RustSec
•added 2023/02/24 12:0 p.m.•18 views

Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

The removedirall crate is a Rust library that offers additional features over the Rust standard library fs::removedirall function. It was possible to trick a privileged process doing a recursive delete in an attacker controlled directory into deleting privileged files, on all operating systems. F...

0.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/10 12:0 p.m.•18 views

Bug in pooling instance allocator

bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. Mitigations are described here...

8.6CVSS1.6AI score0.00657EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/08/26 12:0 p.m.•18 views

`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

The ossocketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. These layout were changed into idiomatic rust...

2.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/12 12:0 p.m.•18 views

libp2p Lack of resource management DoS

libp2p allows a potential attacker to cause victim p2p node to run out of memory The out of memory failure can cause crashes where libp2p is intended to be used within large scale networks leading to potential Denial of Service DoS vector Users should upgrade or reference the DoS mitigation...

7.5CVSS4.9AI score0.00689EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/11 12:0 p.m.•18 views

Out-of-bounds read when opening multiple column families with TTL

Affected versions of this crate called the RocksDB C API rocksdbopencolumnfamilieswithttl with a pointer to a single integer TTL value, but one TTL value for each column family is expected. This is only relevant when using rocksdb::DBWithThreadMode::opencfdescriptorswithttl with multiple column...

3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/10 12:0 p.m.•18 views

`SegQueue` creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

3.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/04/27 12:0 p.m.•18 views

`array!` macro is unsound when its length is impure constant

Affected versions of this crate did substitute the array length provided by an user at compile-time multiple times. When an impure constant expression is passed as an array length such as a result of an impure procedural macro, this can result in the initialization of an array with uninitialized...

3.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/04/13 12:0 p.m.•18 views

`rmp-serde` `Raw` and `RawRef` unsound

It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...

6.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/02/28 12:0 p.m.•18 views

Miscomputation when performing AES encryption in rust-crypto

The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...

7.3AI score
Exploits0
RustSec
RustSec
•added 2021/11/14 12:0 p.m.•18 views

Panic on incorrect date input to `simple_asn1`

Version 0.6.0 of the simpleasn1 crate panics on certain malformed inputs to its parsing functions, including fromder and derdecode. Because this crate is frequently used with inputs from the network, this should be considered a security vulnerability. The issue occurs when parsing the old ASN.1...

7.5CVSS2.4AI score0.0134EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/10/31 12:0 p.m.•18 views

Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. For example, if generated code is used to decode malformed or untrusted input, undefined behavior and thus security vulnerabilities is possible even without...

0.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2021/09/23 12:0 p.m.•18 views

Aliased mutable references from `tls_rand` & `TlsWyRand`

TlsWyRand's implementation of Deref unconditionally dereferences a raw pointer, and returns multiple mutable references to the same object, which is undefined behavior...

9.8CVSS2.7AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/08/18 12:0 p.m.•18 views

ansi_term is Unmaintained

The maintainer has advised that this crate is deprecated and will not receive any maintenance. The crate does not seem to have much dependencies and may or may not be ok to use as-is. Last release seems to have been three years ago. Possible Alternatives The below list has not been vetted in any...

7.2AI score
Exploits0
RustSec
RustSec
•added 2021/07/22 12:0 p.m.•18 views

`better-macro` has deliberate RCE to prove a point

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This is not a particularly novel or interesting observation. It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but...

9.8CVSS1.3AI score0.02567EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/06/16 12:0 p.m.•18 views

Potential request smuggling capabilities due to lack of input validation

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS3.5AI score0.0181EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/06/06 12:0 p.m.•18 views

VecStorage Deserialize Allows Violation of Length Invariant

The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...

9.8CVSS3.9AI score0.01411EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/05/22 12:0 p.m.•18 views

SMTP command injection in body

Affected versions of lettre allowed SMTP command injection through an attacker's controlled message body. The module for escaping lines starting with a period wouldn't catch a period that was placed after a double CRLF sequence, allowing the attacker to end the current message and write arbitrary...

9.8CVSS2.8AI score0.01494EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/02/28 12:0 p.m.•18 views

project abandoned; migrate to the `aes-siv` crate

The Miscreant project has been abandoned and archived. The Rust implementation has been adapted into the new aes-siv crate which implements both the AES-CMAC-SIV and AES-PMAC-SIV constructions: Please migrate to the aes-siv crate. Alternatively see the aes-gcm-siv crate for a newer, faster...

0.6AI score
Exploits0
RustSec
RustSec
•added 2021/02/19 12:0 p.m.•18 views

SliceDeque::drain_filter can double drop an element if the predicate panics

Affected versions of the crate incremented the current index of the drain filter iterator before calling the predicate function self.pred. If the predicate function panics, it is possible for the last element in the iterator to be dropped twice...

7.5CVSS2.7AI score0.01135EPSS
Exploits1
RustSec
RustSec
•added 2021/02/05 12:0 p.m.•18 views

Multiple Transfer-Encoding headers misinterprets request payload

hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can...

8.1CVSS1.4AI score0.04771EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/12 12:0 p.m.•18 views

panic safety: double drop may happen within `util::{mutate, mutate2}`

Upon panic in a user-provided function f, fn mutate & fn mutate2 drops twice a same object. Affected versions of this crate did not guard against double drop while temporarily duplicating an object's ownership with ptr::read. Dropping a same object can result in memory corruption. The flaw was...

9.8CVSS1.1AI score0.01552EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/08 12:0 p.m.•18 views

Buffer overflow in SmallVec::insert_many

A bug in the SmallVec::insertmany method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insertmany yielded more items than the...

9.8CVSS1.1AI score0.01666EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•18 views

`Read` on uninitialized buffer may cause UB ( `read_entry()` )

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. There are two of such cases gooffsetlog::readentry & offsetlog::readentry. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect...

9.8CVSS3.4AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•18 views

`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`

fn Frame::copyfromrawparts is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may...

7.5CVSS1AI score0.01327EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/04 12:0 p.m.•18 views

kamadak-exif DoS with untrusted PNG data

Attacker crafted data can cause a infinite loop leading to DoS if used with untrusted data...

6.5CVSS2.5AI score0.01515EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/03 12:0 p.m.•18 views

'Read' on uninitialized memory may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. The crate currently contains 4 occurrences of such cases. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes...

9.8CVSS3AI score0.01191EPSS
Exploits0
RustSec
RustSec
•added 2021/01/02 12:0 p.m.•18 views

reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)

Affected versions of this crate creates an uninitialized buffer and passes it to user-provided Read implementation. This is unsound, because it allows safe Rust code to exhibit an undefined behavior read from uninitialized memory. The flaw was corrected in version 0.1.1 by zero-initializing a new...

9.1CVSS3.4AI score0.01642EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/20 12:0 p.m.•18 views

Soundness issue: Input<R> can be misused to create data race to an object

Input implements Send without requiring R: Send. Affected versions of this crate allows users to send non-Send types to other threads, which can lead to undefined behavior such as data race and memory corruption. The flaw was corrected in version 0.5.1 by adding R: Send bound to the Send impl of...

5.9CVSS2.8AI score0.01066EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/20 12:0 p.m.•18 views

difference is unmaintained

The author of the difference crate is unresponsive. Maintained alternatives: - dissimilar - similar - treediff - diffus...

3.2AI score
Exploits0
RustSec
RustSec
•added 2020/12/18 12:0 p.m.•18 views

ShmWriter allows sending non-Send type across threads

Affected versions of this crate implement Send for ShmWriter without requiring H: Send. This allows users to send H: !Send to other threads, which can potentially lead to data races and undefined behavior...

8.1CVSS3.6AI score0.01249EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/12/10 12:0 p.m.•18 views

MvccRwLock allows data races & aliasing violations

Affected versions of this crate unconditionally implement Send/Sync for MvccRwLock. This can lead to data races when types that are either !Send or !Sync e.g. Rc, Arc are contained inside MvccRwLock and sent across thread boundaries. The data races can potentially lead to memory corruption as...

8.1CVSS3AI score0.0124EPSS
Exploits1
RustSec
RustSec
•added 2020/12/09 12:0 p.m.•18 views

dces' World type can cause data races

The World type in dces is marked as Send without bounds on its EntityStore and ComponentStore. This allows non-thread safe EntityStore and ComponentStores to be sent across threads and cause data races...

8.1CVSS3AI score0.01098EPSS
Exploits1
RustSec
RustSec
•added 2020/11/24 12:0 p.m.•18 views

QueueSender<T>/QueueReceiver<T>: Send/Sync impls need `T: Send`

Affected versions of this crate unconditionally implemented Send/Sync for QueueSender, allowing to send non-Send T to other threads by invoking &QueueSender.send. This fails to prevent users from creating data races by sending types like Rc or Arc to other threads, which can lead to memory...

8.1CVSS3.6AI score0.00847EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/11/15 12:0 p.m.•18 views

PinSlab<T> and Unordered<T, S> need bounds on their Send/Sync traits

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

8.1CVSS1.7AI score0.00766EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/09/25 12:0 p.m.•18 views

Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

Affected versions of this crate did not properly check and cap the growth of the outgoing buffer. This allows a remote attacker to take down the process by growing the buffer of their single connection until the process runs out of memory it can allocate and is killed. The flaw was corrected in t...

7.5CVSS4AI score0.01336EPSS
Exploits0
RustSec
RustSec
•added 2020/05/26 12:0 p.m.•18 views

crate has been renamed to `block-cipher`

This crate has been renamed from block-cipher-trait to block-cipher. The new repository location is at:...

7.1AI score
Exploits0
RustSec
RustSec
•added 2020/05/19 12:0 p.m.•18 views

tokio-rustls reads may cause excessive memory usage

tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wantsread always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS...

7.5CVSS2.2AI score0.01336EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/01/24 12:0 p.m.•18 views

Use-after-free in BodyStream due to lack of pinning

Affected versions of this crate did not require the buffer wrapped in BodyStream to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free. The flaw was corrected by making the trait MessageBody require Unpin and making pollnext function accept Pin...

7.5CVSS4AI score0.01406EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/11/21 12:0 p.m.•18 views

spin is no longer actively maintained

The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives all of which support nostd: - conquer-once - lockapi a subproject of parkinglot - spinningtop spinlock crate built on lockapi - spinning...

2.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/14 12:0 p.m.•18 views

Flaw in Scalar::check_overflow allows side-channel timing attack

Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...

7.5CVSS6.6AI score0.01415EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/12/20 12:0 p.m.•18 views

Flaw in streaming state reset() functions can create incorrect results.

Affected versions of this crate did not properly reset a streaming state. Resetting a streaming state, without finalising it first, creates incorrect results. The flaw was corrected by not first checking if the state had already been reset, when calling reset...

7.5CVSS3.3AI score0.01598EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/12/09 12:0 p.m.•18 views

MsQueue and SegQueue suffer from double-free

Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees. The flaw was corrected by wrapping elements inside queues in a ManuallyDrop. Thanks to @c0gent for reporting the issue...

9.8CVSS1.3AI score0.01744EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/06/04 12:0 p.m.•17 views

`pqcrypto-mldsa` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to ML-DSA FIPS 204 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.8AI score
Exploits0
RustSec
RustSec
•added 2026/06/04 12:0 p.m.•17 views

`pqcrypto-internals` is unmaintained: upstream PQClean project being archived

This crate provides internal FFI utilities for the pqcrypto- ecosystem, directly wrapping C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream...

5.8AI score
Exploits0
RustSec
RustSec
•added 2026/05/14 12:0 p.m.•17 views

TLS hostname verification disabled when using Boring TLS backend

An inverted-boolean bug in lettre's boring-tls integration silently disables TLS hostname verification for callers using the default strict configuration. An on-path attacker presenting any chain-valid certificate for any domain can intercept SMTP submission, including PLAIN/LOGIN credentials and...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/04/24 12:0 p.m.•17 views

Possible unaligned data access for implementations of `SqliteAggregate`

Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface. To store an instance of the custom aggregate processor Diesel relied on the sqlite3aggregatecontext function provided by sqlite. This function doesn't provide any guarantees about alignment of t...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/04/22 12:0 p.m.•17 views

Reachable panic in certificate revocation list parsing

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

5.8AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141