Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2023/04/11 12:0 p.m.•12 views

tree_magic is Unmaintained

The treemagic crate is unmaintained. The author has archived the github repository. Alternatives: - treemagicmini...

6.7AI score
Exploits0
RustSec
RustSec
•added 2023/03/31 12:0 p.m.•16 views

Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers

Once::trycallonce is unsound if invoked more than once concurrently and any call fails to initialise successfully...

6.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•17 views

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•22 views

`openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•20 views

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

6.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•48 views

`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses

An issue was discovered in the Versionize::deserialize implementation provided by the versionize crate for vmmsysutil::fam::FamStructWrapper, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that...

7.5CVSS6.7AI score0.00556EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•26 views

`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin Google for reporting this issue...

6.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/24 12:0 p.m.•36 views

`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/22 12:0 p.m.•14 views

Unsound FFI: Wrong API usage causes write past allocated area

The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/19 12:0 p.m.•18 views

NULL pointer dereference in `stb_image`

A bug in error handling in the stbimage C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stbimage Rust crate, by patching the C code to correctly handle NULL pointers. Thank you to GitHub...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/14 12:0 p.m.•15 views

Gitoxide has renamed its crates.

All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-path to continue receiving updates...

6.8AI score
Exploits0
RustSec
RustSec
•added 2023/03/14 12:0 p.m.•15 views

Gitoxide has renamed its crates.

All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-hash to continue receiving updates...

6.8AI score
Exploits0
RustSec
RustSec
•added 2023/03/12 12:0 p.m.•14 views

const-cstr is Unmaintained

Last release was about five years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. No direct fork exist. const-cstr is...

0.5AI score
Exploits0
RustSec
RustSec
•added 2023/03/04 12:0 p.m.•18 views

`maligned::align_first` causes incorrect deallocation

maligned::alignfirst manually allocates with an alignment larger than T, and then uses Vec::fromrawparts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...

2.2AI score
Exploits0
RustSec
RustSec
•added 2023/03/03 12:0 p.m.•4 views

Miscompilation of `i8x16.select` with the same inputs on x86\_64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xm67-587q-r2vw. For more information see the GitHub-hosted security advisory...

4.3CVSS7AI score0.00624EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/03/02 12:0 p.m.•7 views

Guest-controlled out-of-bounds read/write on x86\_64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ff4p-7xrq-q5r8. For more information see the GitHub-hosted security advisory...

9.9CVSS7AI score0.01261EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/25 12:0 p.m.•19 views

Ascii allows out-of-bounds array indexing in safe code

Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...

4.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/24 12:0 p.m.•19 views

Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

The removedirall crate is a Rust library that offers additional features over the Rust standard library fs::removedirall function. It was possible to trick a privileged process doing a recursive delete in an attacker controlled directory into deleting privileged files, on all operating systems. F...

0.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/20 12:0 p.m.•17 views

Possible out-of-bounds read in release mode

Affected versions of this crate were using a debug assertion to validate the last parameter of partialsort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...

4.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/20 12:0 p.m.•6 views

ftp is unmaintained, use suppaftp instead

The ftp crate is not maintained any more; use suppaftp instead...

6.9AI score
Exploits0
RustSec
RustSec
•added 2023/02/14 12:0 p.m.•3 views

safemem is unmaintained

The latest crates.io release was in 2019. The repository has been archived by the author. Migration - safemem::copyoverslice, srcidx, destidx, len; can be replaced with slice.copywithinsrcidx..srcidx+len, destidx; as of rust 1.37.0. - safemem::writebytesslice, byte; can be replaced with...

7.1AI score
Exploits0
RustSec
RustSec
•added 2023/02/13 12:0 p.m.•17 views

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main or any other specified entrypoint, violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2...

3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/07 12:0 p.m.•36 views

`NULL` dereference validating DSA public key

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

7.5CVSS7.1AI score0.01846EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/07 12:0 p.m.•56 views

Double free after calling `PEM_read_bio_ex`

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

7.5CVSS7AI score0.20444EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/07 12:0 p.m.•43 views

Use-after-free following `BIO_new_NDEF`

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS6.6AI score0.04494EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/07 12:0 p.m.•64 views

`NULL` dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.5CVSS7.4AI score0.01846EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/07 12:0 p.m.•106 views

X.400 address type confusion in X.509 `GeneralName`

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS6.7AI score0.59501EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/07 12:0 p.m.•72 views

X.509 Name Constraints Read Buffer Overflow

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

4.9CVSS1.7AI score0.01481EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/07 12:0 p.m.•36 views

Invalid pointer dereference in `d2i_PKCS7` functions

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2iPKCS7, d2iPKCS7bio or d2iPKCS7fp functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...

7.5CVSS7.3AI score0.01846EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/02/07 12:0 p.m.•72 views

Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS6.5AI score0.16195EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/01/24 12:0 p.m.•26 views

buf_redux is Unmaintained

Last release was over three years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. The safety-undocumented unsafe in the...

6.7AI score
Exploits0
RustSec
RustSec
•added 2023/01/21 12:0 p.m.•16 views

`kuchiki` is unmaintained

The kuchiki repo was marked as archived in this commit. Possible Alternatives Possible alternatives may include: - kuchikiki - html5ever - xml-rs...

6.9AI score
Exploits0
RustSec
RustSec
•added 2023/01/20 12:0 p.m.•47 views

git2 does not verify SSH keys by default

The git2 and libgit2-sys crates are Rust wrappers around the libgit2 C library. It was discovered that libgit2 1.5.0 and below did not verify SSH host keys when establishing an SSH connection, exposing users of the library to Man-In-the-Middle attacks. The libgit2 team assigned...

5.9CVSS6.3AI score0.0058EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/01/12 12:0 p.m.•41 views

git2 Rust package suppresses ssh host key checking

By default, when accessing an ssh repository ie via an ssh: git repository url the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for a an application to do meaningful checking itself. Impact When connecting to an ssh repository, and when an...

5.9CVSS5.6AI score0.00649EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2023/01/11 12:0 p.m.•17 views

`tokio::io::ReadHalf<T>::unsplit` is Unsound

tokio::io::ReadHalf::unsplit can violate the Pin contract The soundness issue is described in the tokio/issues5372 Specific set of conditions needed to trigger an issue a !Unpin type in ReadHalf is unusual, combined with the difficulty of making any arbitrary use-after-free exploitable in Rust...

1.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2023/01/09 12:0 p.m.•51 views

bzip2 Denial of Service (DoS)

Working with specific payloads can cause a Denial of Service DoS vector. Both Decompress and Compress implementations can enter into infinite loops given specific payloads entered that trigger it. The issue is described in great detail in the bzip2 repository issue. Thanks to bjrjk for finding an...

7.5CVSS7AI score0.01212EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2023/01/04 12:0 p.m.•42 views

reject_remote_clients Configuration corruption

On Windows, configuring a named pipe server with pipemode will force ServerOptions::rejectremoteclients as false. This drops any intended explicit configuration for the rejectremoteclients that may have been set as true previously. The default setting of rejectremoteclients is normally true meani...

5.4CVSS5.7AI score0.00569EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/12/23 12:0 p.m.•13 views

Location header incorporates user input, allowing open redirect

When hyper-staticfile performs a redirect for a directory request e.g. a request for /dir that redirects to /dir/, the Location header value was derived from user input the request path, simply appending a slash. The intent was to perform an origin-relative redirect, but specific inputs allowed...

2.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/12/21 12:0 p.m.•11 views

crate has been renamed to `embedded-alloc`

This crate has been renamed from alloc-cortex-m to embedded-alloc. The new repository location is:...

7.1AI score
Exploits0
RustSec
RustSec
•added 2022/12/04 12:0 p.m.•17 views

`claim` is Unmaintained

The last release was in February 2021, almost two years ago. The maintainer has been unresponsive regarding this crate for over a year. A pending issue with claim's dependencies has made the crate difficult to use. Possible Alternatives The below list has not been vetted in any way and may or may...

3.5AI score
Exploits0
RustSec
RustSec
•added 2022/12/02 12:0 p.m.•14 views

Force cast a &Vec<T> to &[T]

In function Table::asref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrinktofit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB. 2. Even ...

2.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/30 12:0 p.m.•14 views

Improper validation of Windows paths could lead to directory traversal attack

Path resolution in hyper-staticfile didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. This onl...

4.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/30 12:0 p.m.•22 views

out-of-bounds read possible when setting list-of-pointers

If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow...

5.4CVSS1.2AI score0.00852EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/30 12:0 p.m.•21 views

Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code

Because of incorrect bounds on method Secp256k1::preallocatedgennew it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...

0.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/30 12:0 p.m.•15 views

parity-util-mem Unmaintained

The crate has been deprecated and will receive no updates with no repository source. The crate has a warning surrounding it's use related to global allocator use that may lead to UB...

1AI score
Exploits0
RustSec
RustSec
•added 2022/11/23 12:0 p.m.•7 views

Mimalloc Can Allocate Memory with Bad Alignment

This crate depended on a promise regarding alignments made by the author of the mimalloc allocator to avoid using aligned allocation functions where possible for performance reasons. Since then, the mimalloc allocator's logic changed, making it break this promise. This caused this crate to return...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/19 12:0 p.m.•40 views

`aliyun-oss-client` secret exposure

The aliyun-oss-client unintentionally divulges the authentication secret. This bug was fixed in this commit by limiting the concerned traits to be pub only within the crate...

5.6CVSS1.4AI score0.00421EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/10 12:0 p.m.•26 views

Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

7.4CVSS1AI score0.00577EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/10 12:0 p.m.•18 views

Bug in pooling instance allocator

bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. Mitigations are described here...

8.6CVSS1.6AI score0.00657EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/07 12:0 p.m.•7 views

Out of bounds write in `wasmtime_trap_code` C API function

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q. For more information see the GitHub-hosted security advisory...

9.8CVSS7AI score0.00315EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1141