`lazystatic` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

`oncecell` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

`serd` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

`postgress` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

`if-cfg` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user amaperf and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download recor...

`tui` is unmaintained; use `ratatui` instead

The tui crate is no longer maintained. Consider using the ratatui crate instead...

Use-after-free in `vec_insert_bytes`

Incorrect reallocation logic in the function vecinsertbytes causes a use-after-free. This function does not have to be called directly to trigger the vulnerability because many methods on EncodingWriter call this function internally. The mail-\ suite is unmaintained and the upstream sources have...

Invalid Slice Split Results in Server Panic

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients. Impact An attacker with knowledge of this vulnerability could craft and...

`dlopen_derive` is unmaintained

dlopenderive hasn't been updated since June 9, 2019. dlopenderive depends on quote = "0.6.12" and syn = "0.15.34". Versions 1.0.0 of these dependencies were published on August 13, 2019. The 0. versions haven't received updates since. Note that dlopen is an unmaintained crate from the same...

Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...

atomic-polyfill is unmaintained

The author has archived the GitHub repository and mentions deprecation in project's README. Possible alternatives portable-atomic...

impl `FromMdbValue` for bool is unsound

The implementation of FromMdbValue have several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...

memoffset allows reading uninitialized memory

memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::sizeof may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::alignof. Older implementati...

`openssl` `X509VerifyParamRef::set_host` buffer over-read

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte...

Misaligned pointer dereference in `ChunkId::new`

The function ChunkId::new creates a misaligned pointer by casting mutable pointer of u8 slice which has alignment 1 to the mutable pointer of u32 which has alignment 4, and dereference the misaligned pointer leading UB, which should not be allowed in safe function...

Ouroboros is Unsound

Summary Ouroboros has a soundness problem, but a fix has been implemented in 0.16.0. More details: In 0.15.0, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid...

Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets

trust-dns and trust-dns-server are vulnerable to remotely triggered denial-of-service attacks, consuming both network and CPU resources. DNS messages with the QR=1 bit set are responded to with a FormErr response. This allows creating a traffic loop, in which these FormErr responses are sent...

`users` crate is unmaintained

The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since. Recommended alternatives - uzers - sysinfo MIA: https://github.com/ogham/rust-users/issues/54 uzers: https://crates.io/crates/uzers sysinfo: https://crates.io/crates/sysinfo...

crate has been renamed to `crypto_secretbox`

This crate has been forked/renamed from xsalsa20poly1305 to cryptosecretbox. The new repository location is at:...

Out-of-bounds array access leads to panic

Affected versions of the crate have a bug where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it is not...

Out-of-bounds array access leads to panic

Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it ...

Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX

please is vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX on systems where they are not disabled. Here is how to see it in action: $ cd "$mktemp -d" $ git clone --depth 1 https://gitlab.com/edneville/please.git $ cd please/ $ git rev-parse HEAD...

Undefined Behavior in Rust runtime functions

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7. For more information see the GitHub-hosted security advisory...

Logs AWS credentials when TRACE-level logging is enabled

aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...

Adverserial use of `make_bitflags!` macro can cause undefined behavior

The macro relied on an expression of the form Enum::Variant always being a variant of the enum. However, it may also be an associated integer constant, in which case there's no guarantee that the value of said constant consists only of bits valid for this bitflag type. Thus, code like this could...

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

If an attacker is able to flood the network with pairs of HEADERS/RSTSTREAM frames, such that the h2 application is not able to accept them faster than the bytes are received, the pending accept queue can grow in memory usage. Being able to do this consistently can result in excessive memory use,...

Parsing borsh messages with ZST which are not-copy/clone is unsound

Affected versions of borsh cause undefined behavior when zero-sized-types ZST are parsed and the Copy/Clone traits are not implemented/derived. For instance if 1000 instances of a ZST are deserialized, and the ZST is not copy this can be achieved through a singleton, then accessing/writing to...

tree_magic is Unmaintained

The treemagic crate is unmaintained. The author has archived the github repository. Alternatives: - treemagicmini...

multipart is Unmaintained

The multipart crate is unmaintained. The author has archived the github repository. Alternatives: - multer - multiparty...

Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers

Once::trycallonce is unsound if invoked more than once concurrently and any call fails to initialise successfully...

`openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses

An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...

`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin Google for reporting this issue...

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...

Unsound FFI: Wrong API usage causes write past allocated area

The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...

NULL pointer dereference in `stb_image`

A bug in error handling in the stbimage C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stbimage Rust crate, by patching the C code to correctly handle NULL pointers. Thank you to GitHub...

Gitoxide has renamed its crates.

All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-path to continue receiving updates...

Gitoxide has renamed its crates.

All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-hash to continue receiving updates...

const-cstr is Unmaintained

Last release was about five years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. No direct fork exist. const-cstr is...

`maligned::align_first` causes incorrect deallocation

maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...

Miscompilation of `i8x16.select` with the same inputs on x86\_64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xm67-587q-r2vw. For more information see the GitHub-hosted security advisory...

Guest-controlled out-of-bounds read/write on x86\_64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8. For more information see the GitHub-hosted security advisory...

Ascii allows out-of-bounds array indexing in safe code

Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...

Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

The removedirall crate is a Rust library that offers additional features over the Rust standard library fs::removedirall function. It was possible to trick a privileged process doing a recursive delete in an attacker controlled directory into deleting privileged files, on all operating systems. F...

Possible out-of-bounds read in release mode

Affected versions of this crate were using a debug assertion to validate the last parameter of partialsort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...

ftp is unmaintained, use suppaftp instead

The ftp crate is not maintained any more; use suppaftp instead...

safemem is unmaintained

The latest crates.io release was in 2019. The repository has been archived by the author. Migration - safemem::copyoverslice, srcidx, destidx, len; can be replaced with slice.copywithinsrcidx..srcidx+len, destidx; as of rust 1.37.0. - safemem::writebytesslice, byte; can be replaced with...

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main or any other specified entrypoint, violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2...