Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2024/01/24 12:0 p.m.•4 views

Stack overflow during recursive JSON parsing

When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth...

7.5CVSS7.1AI score0.00362EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/23 12:0 p.m.•8 views

Unauthenticated Nonce Increment in snow

There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...

4.3CVSS7AI score0.00387EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/23 12:0 p.m.•7 views

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...

8.1CVSS7.3AI score0.00632EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/23 12:0 p.m.•4 views

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...

8.1CVSS7.3AI score0.00632EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/21 12:0 p.m.•8 views

Multiple issues involving quote API

Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments. Thi...

9.8CVSS7.3AI score0.0078EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/20 12:0 p.m.•4 views

`cosmwasm` is unmaintained

The crate cosmwasm is not used anymore since spring 2020. The functionality was split in multiple different crates, such as the standard library cosmwasm-std and the virtual machine cosmwasm-vm. An overview can be found in the cosmwasm repository. If you have this crate in your dependency tree,...

7AI score
Exploits0
RustSec
RustSec
•added 2024/01/19 12:0 p.m.•8 views

Use-after-free when setting the locale

Version 3.0.0 introduced an AtomicStr type, that is used to store the current locale. It stores the locale as a raw pointer to an Arc. The locale can be read with AtomicStr::asstr. AtomicStr::asstr does not increment the usage counter of the Arc. If the locale is changed in one thread, another...

6.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/17 12:0 p.m.•5 views

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

An attacker with an HTTP/2 connection to an affected endpoint can send a steady stream of invalid frames to force the generation of reset frames on the victim endpoint. By closing their recv window, the attacker could then force these resets to be queued in an unbounded fashion, resulting in Out ...

7.8CVSS6.9AI score0.82813EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/13 12:0 p.m.•5 views

Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8

Affected versions receive a &u8 from the caller through a safe API, and pass it directly to the unsafe str::fromutf8unchecked function. The behavior of ferrissays::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/07 12:0 p.m.•8 views

Unsound sending of non-Send types across threads

Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/07 12:0 p.m.•5 views

Missing facility to signal rotation of a verified cryptographic identity

Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a n...

4.3CVSS7AI score0.00467EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2024/01/02 12:0 p.m.•5 views

`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access

Impact An issue was discovered in the FamStructWrapper::deserialize implementation provided by the crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array lengt...

9.8CVSS6.9AI score0.00652EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/12/22 12:0 p.m.•7 views

`bit-flags` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user alexrichton to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/12/20 12:0 p.m.•4 views

Unaligned write of u64 on 32-bit and 16-bit platforms

Affected versions allocate memory using the alignment of usize and write data to it of type u64, without using core::ptr::writeunaligned. In platforms with sub-64bit alignment for usize including wasm32 and x86 these writes are insufficiently aligned some of the time. If using an ordinary optimiz...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/12/18 12:0 p.m.•4 views

Buffer overflow due to integer overflow in `transpose`

Given the function transpose::transpose: rust fn transposeinput: &T, output: &mut T, inputwidth: usize, inputheight: usize The safety check inputwidth inputheight == output.len can fail due to inputwidth inputheight overflowing in such a way that it equals output.len. As a result of failing the...

5.3CVSS7.5AI score0.00291EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/12/14 12:0 p.m.•5 views

Some Ref methods are unsound with some type parameters

The Ref methods intoref, intomut, intoslice, and intoslicemut are unsound and may allow safe code to exhibit undefined behavior when used with Ref where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/12/08 12:0 p.m.•5 views

Infinite decoding loop through specially crafted payload

The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The problem with...

7.5CVSS7.2AI score0.01212EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/12/01 12:0 p.m.•6 views

KyberSlash: division timings depending on secrets

Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator, the number of CPU cycles for division in various environments varies depending on the...

7AI score
Exploits0
RustSec
RustSec
•added 2023/11/23 12:0 p.m.•5 views

`openssl` `X509StoreRef::objects` is unsound

This function returned a shared reference into an OpenSSL datastructure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound. Use of this function should be replaced with X509StoreRef::allcertificate...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/11/22 12:0 p.m.•5 views

Marvin Attack: potential key recovery through timing sidechannels

Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches No patch is yet available, however work is underway to migrate...

5.9CVSS6.5AI score0.00605EPSS
Exploits0
RustSec
RustSec
•added 2023/11/22 12:0 p.m.•6 views

Plaintext exposed in decrypt_in_place_detached even on tag verification failure

Summary In the AES GCM implementation of decryptinplacedetached, the decrypted ciphertext i.e. the correct plaintext is exposed even if tag verification fails. Impact If a program using the aes-gcm crate's decryptinplace APIs accesses the buffer after decryption failure, it will contain a...

5.5CVSS7.1AI score0.00262EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2023/11/20 12:0 p.m.•8 views

`tauri-winrt-notifications` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user gabielle55131 to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/20 12:0 p.m.•7 views

`tauri-win-rt-notification` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user gabielle55131 to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/18 12:0 p.m.•5 views

`openvpn-plugin-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user TerryDavisSoldier to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longe...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/18 12:0 p.m.•7 views

`windowsservice` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user TerryDavisSoldier to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longe...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/18 12:0 p.m.•6 views

`hann-rs-service` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user TerryDavisSoldier to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longe...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•9 views

`winx-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•6 views

`monero-api` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•7 views

`lfest-main` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•9 views

`monero-rpc-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•7 views

`win-crypto` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•7 views

`windows-service-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•13 views

`win-base64-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•5 views

`acceptxmr-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•5 views

`lasso-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•8 views

`libusb1-main` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•8 views

`registry-win` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/15 12:0 p.m.•7 views

`win_run_rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

5.9AI score
Exploits0
RustSec
RustSec
•added 2023/11/14 12:0 p.m.•7 views

`cpython` is unmaintained

The cpython crate and the underlying python3-sys and python27-sys crates have been marked as no longer actively maintained by the developer. There are also open issues for unsound code that is currently in these crates: - cpython265: Using some string functions causes segmentation faults on...

7.4AI score
Exploits0
RustSec
RustSec
•added 2023/11/13 12:0 p.m.•5 views

`loopdev` crate is unmaintained; use 'loopdev-3` instead.

The loopdev crate was last released in Oct, 2021. It has been unable to build in Fedora 38 and above since April, 2023. The loopdev-3 crate is a maintained fork: https://github.com/stratis-storage/loopdev-3...

7.1AI score
Exploits0
RustSec
RustSec
•added 2023/11/10 12:0 p.m.•7 views

Insufficient covariance check makes self_cell unsound

All public versions prior to 1.02 used an insufficient check to ensure that users correctly marked the dependent type as either covariant or notcovariant. This allowed users to mark a dependent as covariant even though its type was not covariant but invariant, for certain invariant types involvin...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/11/06 12:0 p.m.•7 views

`tiny-server` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user http-tiny and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/11/06 12:0 p.m.•4 views

`littest` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user http-tiny and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/11/04 12:0 p.m.•5 views

Remotely exploitable DoS condition in Rosenpass <=0.2.0

Affected version do this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to decod...

7.5CVSS6.9AI score0.00507EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/11/01 12:0 p.m.•7 views

sudo-rs: Path Traversal vulnerability

Impact An issue was discovered where usernames containing the . and / characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For exampl...

8.1CVSS7.2AI score0.00571EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/10/30 12:0 p.m.•4 views

`martin-mbtiles` has been renamed to `mbtiles`

Please use the mbtiles crate going forward...

7AI score
Exploits0
RustSec
RustSec
•added 2023/10/19 12:0 p.m.•4 views

Potential stack use-after-free in `Instrumented::into_inner`

The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/10/15 12:0 p.m.•15 views

Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...

4.5CVSS7.1AI score0.0014EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/10/14 12:0 p.m.•5 views

`MaybeUninit` misuse in `simd-json-derive`

An invalid use of MaybeUninit::uninit.assumeinit in simd-json-derive's derive macro can cause undefined behavior. The original code used MaybeUninit to avoid initialisation of the struct and then set the fields using ptr::write. The undefined behavior triggered by this misuse of MaybeUninit can...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/10/12 12:0 p.m.•6 views

`fehler` is unmaintained; use `culpa` instead

The fehler crate is no longer maintained. Consider using culpa instead...

7.2AI score
Exploits0
Total number of security vulnerabilities1141