Lucene search
K
RustsecMost viewed

1141 matches found

RustSec
RustSec
added 2026/05/14 12:0 p.m.17 views

TLS hostname verification disabled when using Boring TLS backend

An inverted-boolean bug in lettre's boring-tls integration silently disables TLS hostname verification for callers using the default strict configuration. An on-path attacker presenting any chain-valid certificate for any domain can intercept SMTP submission, including PLAIN/LOGIN credentials and...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/04/24 12:0 p.m.17 views

Possible unaligned data access for implementations of `SqliteAggregate`

Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface. To store an instance of the custom aggregate processor Diesel relied on the sqlite3aggregatecontext function provided by sqlite. This function doesn't provide any guarantees about alignment of t...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/04/22 12:0 p.m.17 views

Reachable panic in certificate revocation list parsing

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/10/21 12:0 p.m.17 views

`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling

The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...

8.1CVSS6.8AI score0.00688EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2025/03/04 12:0 p.m.17 views

`backoff` is unmaintained.

The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate...

7.1AI score
Exploits0
RustSec
RustSec
added 2023/06/01 12:0 p.m.17 views

Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets

trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a FormErr response. This allows creating a traffic loop, in which these FormErr responses are sent...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/03/24 12:0 p.m.17 views

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/02/13 12:0 p.m.17 views

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main or any other specified entrypoint, violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2...

3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/01/11 12:0 p.m.17 views

`tokio::io::ReadHalf<T>::unsplit` is Unsound

tokio::io::ReadHalf::unsplit can violate the Pin contract The soundness issue is described in the tokio/issues5372 Specific set of conditions needed to trigger an issue a !Unpin type in ReadHalf is unusual, combined with the difficulty of making any arbitrary use-after-free exploitable in Rust...

1.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2022/12/04 12:0 p.m.17 views

`claim` is Unmaintained

The last release was in February 2021, almost two years ago. The maintainer has been unresponsive regarding this crate for over a year. A pending issue with claim's dependencies has made the crate difficult to use. Possible Alternatives The below list has not been vetted in any way and may or may...

3.5AI score
Exploits0
RustSec
RustSec
added 2022/09/07 12:0 p.m.17 views

Multiple vulnerabilities resulting in out-of-bounds writes

The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because of metadata write operations. When calling Heap::extend with a size smaller than two...

9.8CVSS9.2AI score0.00754EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2022/07/21 12:0 p.m.17 views

Denial of service on deeply nested fragment requests

Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...

3.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2022/05/10 12:0 p.m.17 views

Channel creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

2.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2021/05/04 12:0 p.m.17 views

XSS in `comrak`

comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, are not permitted in the output. This is per the reference GFM implementation, cmark-gfm. Ampersands were not being correctly escaped in link targets, makin...

6.1CVSS1AI score0.00741EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/03/03 12:0 p.m.17 views

Intern<T>: Data race allowed on T

Affected versions of this crate unconditionally implements Sync for Intern. This allows users to create data race on T: !Sync, which may lead to undefined behavior for example, memory corruption. The flaw was corrected in commit 2928a87 by adding the trait bound T: Sync in the Sync impl of Intern...

9.8CVSS3.7AI score0.01167EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/02/22 12:0 p.m.17 views

push_cloned can drop uninitialized memory or double free on panic

Affected versions of stackdst used a pushinner function that increased the internal length of the array and then called val.clone. If the val.clone call panics, the stack could drop an already dropped element or drop uninitialized memory. This issue was fixed in 2a4d538 by increasing the length o...

5.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2021/02/15 12:0 p.m.17 views

crate has been renamed to `qjsonrpc`

This crate has been renamed from jsonrpc-quic to qjsonrpc. The new repository location is:...

6.9AI score
Exploits0
RustSec
RustSec
added 2021/01/07 12:0 p.m.17 views

Reading on uninitialized memory may cause UB ( `util::read_spv()` )

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS3.9AI score0.01345EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2020/12/31 12:0 p.m.17 views

`impl Random` on arrays can lead to dropping uninitialized memory

Affected versions of this crate had a panic safety issue to drop partially uninitialized array of T upon panic in a user provided function T::random. Dropping uninitialized T can potentially cause memory corruption or undefined behavior. The flaw was corrected in commit 565d508 by using MaybeUnin...

7.8CVSS2.9AI score0.00426EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2020/12/25 12:0 p.m.17 views

Queues allow non-Send types to be sent to other threads, allowing data races

Affected versions of this crate unconditionally implemented Send for types used in queue implementations InnerSend, InnerRecv, FutInnerSend, FutInnerRecv. This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior...

8.1CVSS3.6AI score0.01098EPSS
Exploits1
RustSec
RustSec
added 2020/12/17 12:0 p.m.17 views

RingBuffer can create multiple mutable references and cause data races

The RingBuffer type retrieves mutable references from the DataProvider in a non-atomic manner, potentially allowing the creation of multiple mutable references. RingBuffer also implements the Send and Sync traits for all types T. This allows undefined behavior from the aliased mutable references ...

5.9CVSS3.3AI score0.00978EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2020/12/10 12:0 p.m.17 views

Soundness issue with base::Error

base::Error type contains public field named ptr. With this definition, it is possible to create a base::Error with an invalid pointer and trigger memory safety errors such as use-after-free or double-free with safe Rust. The users of xcb crate are advised not to manipulate the field...

5.5CVSS2AI score0.00401EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2020/11/15 12:0 p.m.17 views

CopyCell lacks bounds on its Send trait allowing for data races

CopyCell is a Cell-like type that is implemented for any type T that is Copyable. It's Send trait has no bounds on the contained type. As not all Copyable types are thread safe, for example non-mutable references implement the Copy trait, it is possible to send references to types with interior...

8.1CVSS2.3AI score0.01098EPSS
Exploits1
RustSec
RustSec
added 2020/11/10 12:0 p.m.17 views

LateStatic has incorrect Sync bound

Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync e.g. Cell. This can result in a memory corruption or other kinds of undefined behavior. The flaw was corrected in commit 11f396c by replacing the T:...

7CVSS2.9AI score0.00357EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2020/06/19 12:0 p.m.17 views

`pnet_packet` buffer overrun in `set_payload` setters

As indicated by this issue, a buffer overrun is possible in the setpayload setter of the various mutable "Packet" struct setters. The offending setpayload functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro. Fixed in the packet...

4.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2020/05/04 12:0 p.m.17 views

stdweb is unmaintained

The author of the stdweb crate is unresponsive. Maintained alternatives: - wasm-bindgen - js-sys - web-sys...

2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2020/04/24 12:0 p.m.17 views

fake-static allows converting any reference into a `'static` reference

fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

1.8AI score
Exploits0
RustSec
RustSec
added 2020/02/10 12:0 p.m.17 views

lzw is unmaintained

The author of the lzw crate is unresponsive. Maintained alternatives: - weezl...

2.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2020/01/21 12:0 p.m.17 views

Threshold value is ignored (all shares are n=3)

Affected versions of this crate did not properly calculate secret shares requirements. This reduces the security of the algorithm by restricting the crate to always using a threshold value of three, rather than a configurable limit. The flaw was corrected by correctly configuring the threshold...

2.5AI score
Exploits0Affected Software1
RustSec
RustSec
added 2019/09/14 12:0 p.m.17 views

`Matrix::zip_elements` causes double free

Affected versions of this crate did not properly implements the Matrix::zipelements method, which causes an double free when the given trait implementation might panic. This allows an attacker to corrupt or take control of the memory. The flaw was corrected by Phosphorus15...

9.8CVSS4.2AI score0.01691EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2019/05/21 12:0 p.m.17 views

Flaw in generativity allows out-of-bounds access

Affected versions of this crate did not properly implement the generativity, because the invariant lifetimes were not necessarily dropped. This allows an attacker to mix up two arenas, using indices created from one arena with another one. This might lead to an out-of-bounds read or write access...

9.8CVSS4.6AI score0.01855EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2019/03/10 12:0 p.m.17 views

Fix for UB in failure to catch panics crossing FFI boundaries

Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB. This flaw was corrected by this commit1 which was included in version 2.6.0. 1: https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494...

7.5CVSS3.7AI score0.01177EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2018/12/18 12:0 p.m.17 views

Enum repr causing potential memory corruption

The attribute repr added to enums to be compatible with C-FFI caused memory corruption on MSVC toolchain. arrayfire crates = version 3.5.0 do not have this issue when used with Rust versions 1.27 or earlier. The issue only started to appear since Rust version 1.28. The issue seems to be interlink...

9.8CVSS5.6AI score0.01645EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2016/12/15 12:0 p.m.17 views

`cassandra` crate is unmaintained; use `cassandra-cpp` instead

The cassandra crate has not seen a release since December 2016, and its author is unresponsive. The cassandra-cpp crate is a maintained fork: https://github.com/Metaswitch/cassandra-rs...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2016/08/01 12:0 p.m.17 views

HTTP download and execution allows MitM RCE

The build script in the portaudio crate will attempt to download via HTTP the portaudio source and build it. A Mallory in the middle can intercept the download with their own archive and get RCE...

5.9CVSS1.3AI score0.01078EPSS
Exploits0
RustSec
RustSec
added 2026/06/11 12:0 p.m.16 views

Out-of-bounds read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators

PyO3 0.24.0 added optimized implementations of Iterator::nth and DoubleEndedIterator::nthback for the BoundListIterator and BoundTupleIterator types. These implementations computed the target index using unchecked usize addition index + n before bounds-checking against the sequence length, then...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/10 12:0 p.m.16 views

`onering` 1.4.1 was removed from crates.io for malicious code

A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...

5.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/05/15 12:0 p.m.16 views

Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

7.5CVSS6.2AI score0.00263EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2026/05/02 12:0 p.m.16 views

Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption

In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...

5.9AI score
Exploits0
RustSec
RustSec
added 2026/03/14 12:0 p.m.16 views

`tracing-ethers` was removed from crates.io due to malicious code

The tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.app The malicious crate had 9 version published on 2026-03-09 approximately 5 days before removal and had no evidence of actual downloads. There were no crates depending on this crate on crates.io. Thanks to the...

5.8AI score
Exploits0
RustSec
RustSec
added 2025/03/10 12:0 p.m.16 views

`tree-sitter-pkl` was removed from crates.io for malicious code

tree-sitter-pkl was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in March 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...

5.9AI score
Exploits0
RustSec
RustSec
added 2024/12/12 12:0 p.m.16 views

Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data...

5.9CVSS7.4AI score0.0038EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/06/26 12:0 p.m.16 views

`derivative` is unmaintained; consider using an alternative

The derivative crate is no longer maintained. Consider using any alternative, for instance: - derivemore - derive-where - educe...

7.2AI score
Exploits0
RustSec
RustSec
added 2023/06/01 12:0 p.m.16 views

`users` crate is unmaintained

The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since. Recommended alternatives - uzers - sysinfo MIA: https://github.com/ogham/rust-users/issues/54 uzers: https://crates.io/crates/uzers sysinfo: https://crates.io/crates/sysinfo...

7.2AI score
Exploits0
RustSec
RustSec
added 2023/05/16 12:0 p.m.16 views

crate has been renamed to `crypto_secretbox`

This crate has been forked/renamed from xsalsa20poly1305 to cryptosecretbox. The new repository location is at:...

6.9AI score
Exploits0
RustSec
RustSec
added 2023/03/31 12:0 p.m.16 views

Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers

Once::trycallonce is unsound if invoked more than once concurrently and any call fails to initialise successfully...

6.7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/02/20 12:0 p.m.16 views

Possible out-of-bounds read in release mode

Affected versions of this crate were using a debug assertion to validate the last parameter of partialsort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...

4.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2023/01/21 12:0 p.m.16 views

`kuchiki` is unmaintained

The kuchiki repo was marked as archived in this commit. Possible Alternatives Possible alternatives may include: - kuchikiki - html5ever - xml-rs...

6.9AI score
Exploits0
RustSec
RustSec
added 2022/10/01 12:0 p.m.16 views

Crate `parity-wasm` deprecated by the author

This PR explicitly deprecates parity-wasm. The author recommends switching to wasm-tools...

1.8AI score
Exploits0
RustSec
RustSec
added 2022/08/04 12:0 p.m.16 views

Interledger is Unmaintained

Interledger family of crates is not being actively maintained anymore. The owner of the published crate does not appear to be responsive. There is an outstanding concern around username comparison. This concern may or may not be resolved by bumping up the dependencies of the project...

2.9AI score
Exploits0
Total number of security vulnerabilities1141