1141 matches found
TLS hostname verification disabled when using Boring TLS backend
An inverted-boolean bug in lettre's boring-tls integration silently disables TLS hostname verification for callers using the default strict configuration. An on-path attacker presenting any chain-valid certificate for any domain can intercept SMTP submission, including PLAIN/LOGIN credentials and...
Possible unaligned data access for implementations of `SqliteAggregate`
Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface. To store an instance of the custom aggregate processor Diesel relied on the sqlite3aggregatecontext function provided by sqlite. This function doesn't provide any guarantees about alignment of t...
Reachable panic in certificate revocation list parsing
A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...
`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling
The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...
`backoff` is unmaintained.
The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate...
Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets
trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a FormErr response. This allows creating a traffic loop, in which these FormErr responses are sent...
TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main or any other specified entrypoint, violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2...
`tokio::io::ReadHalf<T>::unsplit` is Unsound
tokio::io::ReadHalf::unsplit can violate the Pin contract The soundness issue is described in the tokio/issues5372 Specific set of conditions needed to trigger an issue a !Unpin type in ReadHalf is unusual, combined with the difficulty of making any arbitrary use-after-free exploitable in Rust...
`claim` is Unmaintained
The last release was in February 2021, almost two years ago. The maintainer has been unresponsive regarding this crate for over a year. A pending issue with claim's dependencies has made the crate difficult to use. Possible Alternatives The below list has not been vetted in any way and may or may...
Multiple vulnerabilities resulting in out-of-bounds writes
The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because of metadata write operations. When calling Heap::extend with a size smaller than two...
Denial of service on deeply nested fragment requests
Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...
Channel creates zero value of any type
Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...
XSS in `comrak`
comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, are not permitted in the output. This is per the reference GFM implementation, cmark-gfm. Ampersands were not being correctly escaped in link targets, makin...
Intern<T>: Data race allowed on T
Affected versions of this crate unconditionally implements Sync for Intern. This allows users to create data race on T: !Sync, which may lead to undefined behavior for example, memory corruption. The flaw was corrected in commit 2928a87 by adding the trait bound T: Sync in the Sync impl of Intern...
push_cloned can drop uninitialized memory or double free on panic
Affected versions of stackdst used a pushinner function that increased the internal length of the array and then called val.clone. If the val.clone call panics, the stack could drop an already dropped element or drop uninitialized memory. This issue was fixed in 2a4d538 by increasing the length o...
crate has been renamed to `qjsonrpc`
This crate has been renamed from jsonrpc-quic to qjsonrpc. The new repository location is:...
Reading on uninitialized memory may cause UB ( `util::read_spv()` )
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`impl Random` on arrays can lead to dropping uninitialized memory
Affected versions of this crate had a panic safety issue to drop partially uninitialized array of T upon panic in a user provided function T::random. Dropping uninitialized T can potentially cause memory corruption or undefined behavior. The flaw was corrected in commit 565d508 by using MaybeUnin...
Queues allow non-Send types to be sent to other threads, allowing data races
Affected versions of this crate unconditionally implemented Send for types used in queue implementations InnerSend, InnerRecv, FutInnerSend, FutInnerRecv. This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior...
RingBuffer can create multiple mutable references and cause data races
The RingBuffer type retrieves mutable references from the DataProvider in a non-atomic manner, potentially allowing the creation of multiple mutable references. RingBuffer also implements the Send and Sync traits for all types T. This allows undefined behavior from the aliased mutable references ...
Soundness issue with base::Error
base::Error type contains public field named ptr. With this definition, it is possible to create a base::Error with an invalid pointer and trigger memory safety errors such as use-after-free or double-free with safe Rust. The users of xcb crate are advised not to manipulate the field...
CopyCell lacks bounds on its Send trait allowing for data races
CopyCell is a Cell-like type that is implemented for any type T that is Copyable. It's Send trait has no bounds on the contained type. As not all Copyable types are thread safe, for example non-mutable references implement the Copy trait, it is possible to send references to types with interior...
LateStatic has incorrect Sync bound
Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync e.g. Cell. This can result in a memory corruption or other kinds of undefined behavior. The flaw was corrected in commit 11f396c by replacing the T:...
`pnet_packet` buffer overrun in `set_payload` setters
As indicated by this issue, a buffer overrun is possible in the setpayload setter of the various mutable "Packet" struct setters. The offending setpayload functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro. Fixed in the packet...
stdweb is unmaintained
The author of the stdweb crate is unresponsive. Maintained alternatives: - wasm-bindgen - js-sys - web-sys...
fake-static allows converting any reference into a `'static` reference
fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...
lzw is unmaintained
The author of the lzw crate is unresponsive. Maintained alternatives: - weezl...
Threshold value is ignored (all shares are n=3)
Affected versions of this crate did not properly calculate secret shares requirements. This reduces the security of the algorithm by restricting the crate to always using a threshold value of three, rather than a configurable limit. The flaw was corrected by correctly configuring the threshold...
`Matrix::zip_elements` causes double free
Affected versions of this crate did not properly implements the Matrix::zipelements method, which causes an double free when the given trait implementation might panic. This allows an attacker to corrupt or take control of the memory. The flaw was corrected by Phosphorus15...
Flaw in generativity allows out-of-bounds access
Affected versions of this crate did not properly implement the generativity, because the invariant lifetimes were not necessarily dropped. This allows an attacker to mix up two arenas, using indices created from one arena with another one. This might lead to an out-of-bounds read or write access...
Fix for UB in failure to catch panics crossing FFI boundaries
Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB. This flaw was corrected by this commit1 which was included in version 2.6.0. 1: https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494...
Enum repr causing potential memory corruption
The attribute repr added to enums to be compatible with C-FFI caused memory corruption on MSVC toolchain. arrayfire crates = version 3.5.0 do not have this issue when used with Rust versions 1.27 or earlier. The issue only started to appear since Rust version 1.28. The issue seems to be interlink...
`cassandra` crate is unmaintained; use `cassandra-cpp` instead
The cassandra crate has not seen a release since December 2016, and its author is unresponsive. The cassandra-cpp crate is a maintained fork: https://github.com/Metaswitch/cassandra-rs...
HTTP download and execution allows MitM RCE
The build script in the portaudio crate will attempt to download via HTTP the portaudio source and build it. A Mallory in the middle can intercept the download with their own archive and get RCE...
Out-of-bounds read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators
PyO3 0.24.0 added optimized implementations of Iterator::nth and DoubleEndedIterator::nthback for the BoundListIterator and BoundTupleIterator types. These implementations computed the target index using unchecked usize addition index + n before bounds-checking against the sequence length, then...
`onering` 1.4.1 was removed from crates.io for malicious code
A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...
Unchecked `CryptoVec` allocation and growth handling
CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...
Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption
In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...
`tracing-ethers` was removed from crates.io due to malicious code
The tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.app The malicious crate had 9 version published on 2026-03-09 approximately 5 days before removal and had no evidence of actual downloads. There were no crates depending on this crate on crates.io. Thanks to the...
`tree-sitter-pkl` was removed from crates.io for malicious code
tree-sitter-pkl was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in March 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...
Crash due to uncontrolled recursion in protobuf crate
Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data...
`derivative` is unmaintained; consider using an alternative
The derivative crate is no longer maintained. Consider using any alternative, for instance: - derivemore - derive-where - educe...
`users` crate is unmaintained
The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since. Recommended alternatives - uzers - sysinfo MIA: https://github.com/ogham/rust-users/issues/54 uzers: https://crates.io/crates/uzers sysinfo: https://crates.io/crates/sysinfo...
crate has been renamed to `crypto_secretbox`
This crate has been forked/renamed from xsalsa20poly1305 to cryptosecretbox. The new repository location is at:...
Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Once::trycallonce is unsound if invoked more than once concurrently and any call fails to initialise successfully...
Possible out-of-bounds read in release mode
Affected versions of this crate were using a debug assertion to validate the last parameter of partialsort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...
`kuchiki` is unmaintained
The kuchiki repo was marked as archived in this commit. Possible Alternatives Possible alternatives may include: - kuchikiki - html5ever - xml-rs...
Crate `parity-wasm` deprecated by the author
This PR explicitly deprecates parity-wasm. The author recommends switching to wasm-tools...
Interledger is Unmaintained
Interledger family of crates is not being actively maintained anymore. The owner of the published crate does not appear to be responsive. There is an outstanding concern around username comparison. This concern may or may not be resolved by bumping up the dependencies of the project...