Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2022/11/05 12:0 p.m.•6 views

Data leakage between instances in the pooling allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-wh6w-3828-g9qf. For more information see the GitHub-hosted security advisory...

8.6CVSS7AI score0.00657EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/05 12:0 p.m.•4 views

Out of bounds read/write with zero-memory-pages configuration

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-44mr-8vmm-wjhg. For more information see the GitHub-hosted security advisory...

7.4CVSS7AI score0.00577EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/11/01 12:0 p.m.•61 views

X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS2.9AI score0.9077EPSS
Exploits6Affected Software1
RustSec
RustSec
•added 2022/11/01 12:0 p.m.•43 views

X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS3.3AI score0.92488EPSS
Exploits2Affected Software1
RustSec
RustSec
•added 2022/10/31 12:0 p.m.•14 views

ELF header parsing library doesn't check for valid offset

The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...

1.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/30 12:0 p.m.•19 views

Denial of Service from unchecked request length

Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request. In version 0.4.2,...

7.5CVSS3.3AI score0.00689EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/25 12:0 p.m.•27 views

evm incorrect state transition

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

7.5CVSS1.6AI score0.00538EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/24 12:0 p.m.•22 views

matrix-sdk 0.6.0 logs access tokens

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber in a way that includes fields of tracing spans such as tracingsubscribers default text output from the fmt module, these logs will contain the user's access token...

4.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/22 12:0 p.m.•15 views

Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`

The compression and decompression function used mem:uninitialized to create an array of uninitialized values, to later write values into it. This later leads to reads from uninitialized memory. The flaw was corrected in commit b633bf265e41c60dfce3be7eac4e4dd5e18d06cf by using a heap-allocated Vec...

2.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/13 12:0 p.m.•12 views

orbtk is Unmaintained

The orbtk crate is no longer maintained. Alternatives proposed by the authors: iced slint...

3.6AI score
Exploits0
RustSec
RustSec
•added 2022/10/11 12:0 p.m.•39 views

Using a Custom Cipher with `NID_undef` may lead to NULL encryption

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

7.5CVSS7.4AI score0.02846EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/10 12:0 p.m.•27 views

Slack Webhooks secrets leak in debug logs

Debug log formatting made it possible to leak Webhooks secrets into debug logs. The patched version has introduced more strict checks to avoid this...

7.5CVSS2.4AI score0.00663EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/10/01 12:0 p.m.•16 views

Crate `parity-wasm` deprecated by the author

This PR explicitly deprecates parity-wasm. The author recommends switching to wasm-tools...

1.8AI score
Exploits0
RustSec
RustSec
•added 2022/09/29 12:0 p.m.•26 views

matrix-sdk Impersonation of room keys

When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack...

8.6CVSS4.6AI score0.00488EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/09/28 12:0 p.m.•8 views

Library exclusively intended to inject UB into safe Rust.

Quoting from the crate description: This crate is created purely to inject undefined behavior into stable, safe rust. Specifically, the inconceivable! macro is insta-UB if the ubinconceivable feature is enabled by any reverse dependency. The value this adds is questionable, and hides unsafe code...

1.3AI score
Exploits0
RustSec
RustSec
•added 2022/09/19 12:0 p.m.•22 views

`tauri` filesystem scope partial bypass

A bug identified in this issue allows a partial filesystem scope bypass if glob characters are used within file dialog or drag-and-drop functionalities. This PR fixes the issue by escaping glob characters...

4.7CVSS4.7AI score0.00421EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/09/07 12:0 p.m.•17 views

Multiple vulnerabilities resulting in out-of-bounds writes

The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because of metadata write operations. When calling Heap::extend with a size smaller than two...

9.8CVSS9.2AI score0.00754EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/08/31 12:0 p.m.•11 views

badge is Unmaintained

The maintainer has advised this crate is deprecated and will not receive any maintenance. The crate depends on the deprecated rusttype crate and won't receive updates anymore. Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - badge-make...

2.7AI score
Exploits0
RustSec
RustSec
•added 2022/08/31 12:0 p.m.•21 views

No default limit put on request bodies

::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally: -...

7.5CVSS1.2AI score0.0082EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/08/26 12:0 p.m.•18 views

`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr

The ossocketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. These layout were changed into idiomatic rust...

2.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/08/25 12:0 p.m.•38 views

Memory corruption in liblz4

lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520. Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write. The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4...

9.8CVSS5.9AI score0.03216EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/08/24 12:0 p.m.•14 views

mapr is Unmaintained

The mapr fork has been merged back into upstream fork memmap2. The maintainers have advised mapr is deprecated and will not receive any maintenance in favor of using memmap2. Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - memmap2...

1.8AI score
Exploits0
RustSec
RustSec
•added 2022/08/15 12:0 p.m.•15 views

Use after free in MacOS / iOS implementation

In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced. The copied system time zone was released before its name was copied. If the system time zone was changed between the call of CFRelease and str::toowned, random memory would be copied...

1.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/08/07 12:0 p.m.•30 views

`tauri`'s `readDir` endpoint allows possible enumeration outside of filesystem scope

It is possible for readDir to incorrectly enumerate files from a symlinked directory if called recursively when specifying an empty string for the dir parameter as outlined in this issue. This is corrected in this PR by checking if a directory is a symlink before reading from it...

8.3CVSS3.7AI score0.00773EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/08/04 12:0 p.m.•16 views

Interledger is Unmaintained

Interledger family of crates is not being actively maintained anymore. The owner of the published crate does not appear to be responsive. There is an outstanding concern around username comparison. This concern may or may not be resolved by bumping up the dependencies of the project...

2.9AI score
Exploits0
RustSec
RustSec
•added 2022/08/03 12:0 p.m.•37 views

`libsqlite3-sys` via C SQLite CVE-2022-35737

It was sometimes possible for SQLite versions = 1.0.12, 3.39.2 to allow an array-bounds overflow when large string were input into SQLite's printf function. As libsqlite3-sys bundles SQLite, it is susceptible to the vulnerability. libsqlite3-sys was updated to bundle the patched version of SQLite...

7.5CVSS4.4AI score0.17981EPSS
Exploits2Affected Software1
RustSec
RustSec
•added 2022/08/01 12:0 p.m.•60 views

Unbounded memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

7.5CVSS1.1AI score0.01483EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/30 12:0 p.m.•20 views

Post-Quantum Key Encapsulation Mechanism SIKE broken

Wouter Castryck and Thomas Decru presented an efficient key recovery attack on the SIDH protocol. As a result, the secret key of SIKEp751 can be recovered in a matter of hours. The SIKE and SIDH schemes will be removed from oqs 0.7.2. The affected schemes are the oqs::kem::Algorithm::Sike and...

2.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/28 12:0 p.m.•26 views

Denial of service on deeply nested fragment requests

Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...

7.5CVSS3.3AI score0.01331EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/07/22 12:0 p.m.•15 views

Safety issues in `pkcs11`

Impact The interface of pkcs11 is subject to a number of safety issues, mainly related to handling of raw pointers. Despite presenting a safe interface, many of the functions and methods that rely on inputs which contain pointers attributes and mechanisms in particular can lead to segmentation...

1.8AI score
Exploits0
RustSec
RustSec
•added 2022/07/22 12:0 p.m.•22 views

Slack OAuth Secrets leak in debug logs

Debug log formatting made it possible to leak OAuth secrets into debug logs. The patched version has introduced more strict checks to avoid this...

7.5CVSS2.9AI score0.00739EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/21 12:0 p.m.•17 views

Denial of service on deeply nested fragment requests

Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...

3.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/12 12:0 p.m.•18 views

libp2p Lack of resource management DoS

libp2p allows a potential attacker to cause victim p2p node to run out of memory The out of memory failure can cause crashes where libp2p is intended to be used within large scale networks leading to potential Denial of Service DoS vector Users should upgrade or reference the DoS mitigation...

7.5CVSS4.9AI score0.00689EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/12 12:0 p.m.•4 views

Use After Free with `externref`s in Wasmtime

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-5fhj-g3p3-pq9g. For more information see the GitHub-hosted security advisory...

8.8CVSS7AI score0.00856EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/05 12:0 p.m.•53 views

Heap memory corruption with RSA private key operation

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...

10CVSS3.1AI score0.44881EPSS
Exploits3Affected Software1
RustSec
RustSec
•added 2022/07/05 12:0 p.m.•119 views

AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS1.3AI score0.04425EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/07/05 12:0 p.m.•4 views

Miscompilation of constant values in division on AArch64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7f6x-jwh5-m9r4. For more information see the GitHub-hosted security advisory...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/06/27 12:0 p.m.•6 views

Miscompilation of `i8x16.swizzle` and `select` with v128 inputs

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jqwc-c49r-4w2x. For more information see the GitHub-hosted security advisory...

6.8CVSS7AI score0.01625EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/06/25 12:0 p.m.•15 views

clipboard is Unmaintained

Last release was almost 4 years ago and the repository with outstanding issues and pull requests seems to be abandoned by the maintainer. In addition the sole maintainer account may be abandoned that may represent account takeover risk. Current outstanding issues include vulnerable dependencies...

1.6AI score
Exploits0
RustSec
RustSec
•added 2022/06/11 12:0 p.m.•8 views

Double Public Key Signing Function Oracle Attack on `ed25519-dalek`

Versions of ed25519-dalek prior to v2.0 model private and public keys as separate types which can be assembled into a Keypair, and also provide APIs for serializing and deserializing 64-byte private/public keypairs. Such APIs and serializations are inherently unsafe as the public key is one of th...

5.9CVSS7AI score0.00183EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/06/07 12:0 p.m.•14 views

`MsQueue` `push`/`pop` use the wrong orderings

Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild:...

1.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/22 12:0 p.m.•15 views

Use after free in Neon external buffers

Neon provides functionality for creating JavaScript ArrayBuffer and the Buffer subtype instances backed by bytes allocated outside of V8/Node. The JsArrayBuffer::external and JsBuffer::external did not require T: 'static prior to Neon 0.10.1. This allowed creating an externally backed buffer from...

1.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/21 12:0 p.m.•26 views

Panic due to improper UTF-8 indexing

When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi- byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...

6.5CVSS1.2AI score0.00796EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/21 12:0 p.m.•25 views

Stack overflow during recursive expression parsing

When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. The flaw was corrected in commits 60aa2dc03a by adding a check ...

6.5CVSS3.4AI score0.00879EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/11 12:0 p.m.•18 views

Out-of-bounds read when opening multiple column families with TTL

Affected versions of this crate called the RocksDB C API rocksdbopencolumnfamilieswithttl with a pointer to a single integer TTL value, but one TTL value for each column family is expected. This is only relevant when using rocksdb::DBWithThreadMode::opencfdescriptorswithttl with multiple column...

3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/11 12:0 p.m.•15 views

double-checked-cell is unmaintained

The author recommends switching to oncecell, which offers a superset of the functionality...

3.5AI score
Exploits0
RustSec
RustSec
•added 2022/05/11 12:0 p.m.•15 views

`static_type_map` has been renamed to `erased_set`

Please use the erasedset crate going forward: There will be no further releases of statictypemap...

Exploits0
RustSec
RustSec
•added 2022/05/11 12:0 p.m.•20 views

wee_alloc is Unmaintained

Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years...

2AI score
Exploits0
RustSec
RustSec
•added 2022/05/10 12:0 p.m.•18 views

`SegQueue` creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

3.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/10 12:0 p.m.•19 views

`SegQueue` creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

3.1AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141