Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2023/09/25 12:0 p.m.•15 views

Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amoun...

7.5CVSS7.2AI score0.0162EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2023/09/23 12:0 p.m.•5 views

gix-transport code execution vulnerability

The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution. PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo' This will launch a calculator on OS...

4.1CVSS7.7AI score0.00171EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/21 12:0 p.m.•6 views

Denial of service in Quinn servers

Receiving QUIC frames containing a frame with unknown frame type could lead to a panic. Unfortunately this is issue was not found by our fuzzing infrastructure. Thanks to the QUIC Tester research group for reporting this issue...

7.5CVSS7AI score0.0076EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/19 12:0 p.m.•7 views

blurhash: panic on parsing crafted blurhash inputs

Impact The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-...

8.6CVSS7.2AI score0.00515EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/19 12:0 p.m.•4 views

phonenumber: panic on parsing crafted RF3966 phonenumber inputs

Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...

8.6CVSS7.2AI score0.00694EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/15 12:0 p.m.•5 views

HPACK decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this: rust use hpack::Decoder; pub fn main let input = &0x3f; let mut decoder = Decoder::new;...

7.2AI score
Exploits0
RustSec
RustSec
•added 2023/09/15 12:0 p.m.•3 views

`hpack` is unmaintained

The hpack crate is no longer maintained. Consider using fluke-hpack or httlib-huffman...

7.2AI score
Exploits0
RustSec
RustSec
•added 2023/09/13 12:0 p.m.•3 views

BER/CER/DER decoder panics on invalid input

Due to insufficient checking of input data, decoding certain data sequences can lead to bcder panicking rather than returning an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding. bcder 0.7.3 fixes these issues by more...

7.5CVSS7.1AI score0.00592EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/12 12:0 p.m.•11 views

libwebp: OOB write in BuildHuffmanTable

Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild. libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable"...

8.8CVSS9.7AI score0.99735EPSS
Exploits9Affected Software1
RustSec
RustSec
•added 2023/09/12 12:0 p.m.•11 views

libwebp: OOB write in BuildHuffmanTable

Google and Mozilla have released security advisories for RCE due to heap overflow in libwebp. Google warns the vulnerability has been exploited in the wild. libwebp needs to be updated to 1.3.2 to include a patch for "OOB write in BuildHuffmanTable"...

8.8CVSS9.8AI score0.99735EPSS
Exploits9Affected Software1
RustSec
RustSec
•added 2023/09/10 12:0 p.m.•4 views

Exposes reference to non-Sync data to an arbitrary thread

Affected versions do not enforce a Sync bound on the type of caller-provided value held in the plugin registry. References to these values are made accessible to arbitrary threads other than the one that constructed them. A caller could use this flaw to submit thread-unsafe data into inventory,...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/10 12:0 p.m.•6 views

Fails to prohibit standard library access prior to initialization of Rust standard library runtime

Affected versions allow arbitrary caller-provided code to execute before the lifetime of main. If the caller-provided code accesses particular pieces of the standard library that require an initialized Rust runtime, such as std::io or std::thread, these may not behave as documented. Panics are...

7.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/10 12:0 p.m.•8 views

Unaligned read of `*const *const c_char` pointer

Affected versions dereference a potentially unaligned pointer. The pointer is commonly unaligned in practice, resulting in undefined behavior. In some build modes, this is observable as a panic followed by abort. In other build modes the UB may manifest in some other way, including the possibilit...

7.1AI score
Exploits0
RustSec
RustSec
•added 2023/09/05 12:0 p.m.•4 views

Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86\_64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh. For more information see the GitHub-hosted security advisory...

5.3CVSS7AI score0.00605EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/03 12:0 p.m.•6 views

Multiple soundness issues

lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls MaybeUninit::assumeinit ...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/03 12:0 p.m.•7 views

Multiple soundness issues

RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 1. BytesIter::read advances iterators out of bounds 1. The BytesIter trait has safety invariants but is public and not marked unsafe 1. writefloat calls...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/09/01 12:0 p.m.•6 views

Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses

An issue was discovered in the default implementations of the VolatileMemory::getatomicref, alignedasref, alignedasmut, getref, getarrayref trait functions, which allows out-of-bounds memory access if the VolatileMemory::getslice function returns a VolatileSlice whose length is less than the...

4.7CVSS7AI score0.00237EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/08/22 12:0 p.m.•5 views

webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in and...

7.8CVSS6.8AI score0.06325EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/08/22 12:0 p.m.•4 views

rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

7.8CVSS7AI score0.06325EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/08/18 12:0 p.m.•6 views

`postgresderive` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/08/16 12:0 p.m.•4 views

`oncecell` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/08/16 12:0 p.m.•5 views

`serd` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/08/16 12:0 p.m.•6 views

`xrvrv` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/08/16 12:0 p.m.•6 views

`envlogger` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/08/16 12:0 p.m.•6 views

`lazystatic` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/08/16 12:0 p.m.•9 views

`postgress` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/08/16 12:0 p.m.•8 views

`if-cfg` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

5.8AI score
Exploits0
RustSec
RustSec
•added 2023/08/07 12:0 p.m.•5 views

Use-after-free in `vec_insert_bytes`

Incorrect reallocation logic in the function vecinsertbytes causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on EncodingWriter call this function internally. The mail-\ suite is unmaintained and the upstream sources have...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/08/07 12:0 p.m.•6 views

`tui` is unmaintained; use `ratatui` instead

The tui crate is no longer maintained. Consider using the ratatui crate instead...

7.2AI score
Exploits0
RustSec
RustSec
•added 2023/08/03 12:0 p.m.•7 views

Invalid Slice Split Results in Server Panic

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients. Impact An attacker with knowledge of this vulnerability could craft and...

5.9CVSS7AI score0.0065EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/07/30 12:0 p.m.•4 views

`dlopen_derive` is unmaintained

dlopenderive hasn't been updated since June 9, 2019. dlopenderive depends on quote = "0.6.12" and syn = "0.15.34". Versions 1.0.0 of these dependencies were published on August 13, 2019. The 0. versions haven't received updates since. Note that dlopen is an unmaintained crate from the same...

7.2AI score
Exploits0
RustSec
RustSec
•added 2023/07/26 12:0 p.m.•4 views

Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/07/11 12:0 p.m.•9 views

atomic-polyfill is unmaintained

The author has archived the GitHub repository and mentions deprecation in project's README. Possible alternatives portable-atomic...

7.2AI score
Exploits0
RustSec
RustSec
•added 2023/06/26 12:0 p.m.•4 views

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue have several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

7.2AI score
Exploits0
RustSec
RustSec
•added 2023/06/21 12:0 p.m.•26 views

memoffset allows reading uninitialized memory

memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::sizeof may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::alignof. Older implementati...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/06/20 12:0 p.m.•21 views

`openssl` `X509VerifyParamRef::set_host` buffer over-read

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte...

9.1CVSS10AI score0.00329EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2023/06/15 12:0 p.m.•13 views

Misaligned pointer dereference in `ChunkId::new`

The function ChunkId::new creates a misaligned pointer by casting mutable pointer of u8 slice which has alignment 1 to the mutable pointer of u32 which has alignment 4, and dereference the misaligned pointer leading UB, which should not be allowed in safe function...

6.8AI score
Exploits0
RustSec
RustSec
•added 2023/06/11 12:0 p.m.•30 views

Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/06/01 12:0 p.m.•16 views

`users` crate is unmaintained

The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since. Recommended alternatives - uzers - sysinfo MIA: https://github.com/ogham/rust-users/issues/54 uzers: https://crates.io/crates/uzers sysinfo: https://crates.io/crates/sysinfo...

7.2AI score
Exploits0
RustSec
RustSec
•added 2023/06/01 12:0 p.m.•17 views

Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets

trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a FormErr response. This allows creating a traffic loop, in which these FormErr responses are sent...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/05/16 12:0 p.m.•33 views

Out-of-bounds array access leads to panic

Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...

5.3CVSS6.8AI score0.00332EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/05/16 12:0 p.m.•18 views

crate has been renamed to `crypto_secretbox`

This crate has been forked/renamed from xsalsa20poly1305 to cryptosecretbox. The new repository location is at:...

6.9AI score
Exploits0
RustSec
RustSec
•added 2023/05/16 12:0 p.m.•12 views

Out-of-bounds array access leads to panic

Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it ...

5.3CVSS6.7AI score0.00274EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/04/29 12:0 p.m.•3 views

Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX

please is vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX on systems where they are not disabled. Here is how to see it in action: $ cd "$mktemp -d" $ git clone --depth 1 https://gitlab.com/edneville/please.git $ cd please/ $ git rev-parse HEAD...

7.8CVSS7.6AI score0.00292EPSS
Exploits1
RustSec
RustSec
•added 2023/04/21 12:0 p.m.•6 views

Undefined Behavior in Rust runtime functions

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7. For more information see the GitHub-hosted security advisory...

8.8CVSS7AI score0.0045EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/04/19 12:0 p.m.•5 views

Logs AWS credentials when TRACE-level logging is enabled

aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...

5.5CVSS6AI score0.00216EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/04/17 12:0 p.m.•15 views

Adverserial use of `make_bitflags!` macro can cause undefined behavior

The macro relied on an expression of the form Enum::Variant always being a variant of the enum. However, it may also be an associated integer constant, in which case there's no guarantee that the value of said constant consists only of bits valid for this bitflag type. Thus, code like this could...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/04/14 12:0 p.m.•38 views

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

If an attacker is able to flood the network with pairs of HEADERS/RSTSTREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use,...

7.5CVSS7.3AI score0.01121EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2023/04/12 12:0 p.m.•24 views

Parsing borsh messages with ZST which are not-copy/clone is unsound

Affected versions of borsh cause undefined behavior when zero-sized-types ZST are parsed and the Copy/Clone traits are not implemented/derived. For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy this can be achieved through a singleton, then accessing/writing to...

6.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/04/11 12:0 p.m.•4 views

multipart is Unmaintained

The multipart crate is unmaintained. The author has archived the github repository. Alternatives: - multer - multiparty...

7.1AI score
Exploits0
Total number of security vulnerabilities1141