Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2022/05/10 12:0 p.m.•19 views

`SegQueue` creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

3.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/10 12:0 p.m.•18 views

Channel creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

2.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/10 12:0 p.m.•13 views

malicious crate `rustdecimal`

The Rust Security Response WG and the crates.io team were notified1 on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rustdecimal2 crate, hoping that potential victims would misspell its...

0.5AI score
Exploits0
RustSec
RustSec
•added 2022/05/09 12:0 p.m.•31 views

Timing attack

Affecting versions did not compare tokens in constant time, which could make it possible for an attacker to guess the 2fa token of a user. This has been fixed by using using the crate constanttimeeq for comparison...

4.4CVSS4.8AI score0.00789EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/03 12:0 p.m.•42 views

Resource leakage when decoding certificates and keys

The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

7.5CVSS1.5AI score0.02386EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/03 12:0 p.m.•35 views

Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

5.9CVSS3.4AI score0.01026EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/05/03 12:0 p.m.•33 views

`OCSP_basic_verify` may incorrectly verify the response signing certificate

The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...

5.3CVSS1.5AI score0.01174EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/04/27 12:0 p.m.•18 views

`array!` macro is unsound when its length is impure constant

Affected versions of this crate did substitute the array length provided by an user at compile-time multiple times. When an impure constant expression is passed as an array length such as a result of an impure procedural macro, this can result in the initialization of an array with uninitialized...

3.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/04/24 12:0 p.m.•16 views

Rusoto is unmaintained

The maintainers of Rusoto advise that all its crates are deprecated. This includes the common crates rusotocore, rusotosignature, rusotocredential, and service crates such as rusotos3 and rusotoec2. Users should migrate to the AWS SDK for Rust, which is maintained by AWS...

3.3AI score
Exploits0
RustSec
RustSec
•added 2022/04/13 12:0 p.m.•18 views

`rmp-serde` `Raw` and `RawRef` unsound

It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...

6.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/03/31 12:0 p.m.•28 views

Use after free with `externref`s and epoch interruption in Wasmtime

Use after free with externrefs and epoch interruption in Wasmtime...

9.8CVSS1.6AI score0.01137EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/03/28 12:0 p.m.•5 views

Use after free with `externref`s and epoch interruption in Wasmtime

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2. For more information see the GitHub-hosted security advisory...

9.8CVSS7AI score0.01137EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/03/22 12:0 p.m.•11 views

pty is unmaintained

The repository hasn't received any updates since Jun 25, 2017 and the author is unresponsive. Maintained alternatives include: tokio-pty-process pty-process...

2.5AI score
Exploits0
RustSec
RustSec
•added 2022/03/15 12:0 p.m.•87 views

Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates

The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

7.5CVSS7.8AI score0.70561EPSS
Exploits2Affected Software1
RustSec
RustSec
•added 2022/03/08 12:0 p.m.•36 views

Regexes with large repetitions on empty sub-expressions take a very long time to parse

The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions regex it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes...

7.5CVSS2.9AI score0.1446EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/03/04 12:0 p.m.•4 views

Incorrect signature verification on gzip-compressed install images

The coreos-installer is a program to fetch a disk image and stream it to a target disk. During the installation process the installation image gpg signatures are verified. The signature verification can be bypassed for gzip-compressed images due to a flaw in gzip coreos-installer wrapper. When th...

7.8CVSS7AI score0.00515EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2022/03/04 12:0 p.m.•13 views

Arrow2 allows double free in `safe` code

The struct FfiArrowArray implements deriveClone that is inconsistent with its custom implementation of Drop, resulting in a double free when cloned. Cloning this struct in safe results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...

3.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/02/28 12:0 p.m.•18 views

Miscomputation when performing AES encryption in rust-crypto

The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...

7.3AI score
Exploits0
RustSec
RustSec
•added 2022/02/25 12:0 p.m.•16 views

Post-Quantum Signature scheme Rainbow level I parametersets broken

Ward Beullens found a practical key-recovery attack against Rainbow. The level I parametersets are removed from liboqs starting from version 0.7.2. Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop. This means all the oqs::sig::Algorithm::RainbowI variants are insecure...

4.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/02/17 12:0 p.m.•15 views

enum_map macro can cause UB when `Enum` trait is incorrectly implemented

Affected versions of this crate did not properly check the length of an enum when using enummap! macro, trusting user-provided length. When the LENGTH in the Enum trait does not match the array length in the EnumArray trait, this can result in the initialization of the enum map with uninitialized...

0.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/02/17 12:0 p.m.•7 views

Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-88xq-w8cq-xfg7. For more information see the GitHub-hosted security advisory...

8.1CVSS7AI score0.00772EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/02/08 12:0 p.m.•6 views

`structopt` is in maintenance mode

structopt has been in maintenance mode, with no new development planned, since at least February of 2022. The status of structopt is discussed in a pinned issue. Recommended alternative The structopt derive wrapper was incorporated into clap v3. There is a migration guideclap-migration for...

5.7AI score
Exploits0
RustSec
RustSec
•added 2022/02/07 12:0 p.m.•33 views

Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`

Affected versions of this crate did not check that the public key the signature was created with matches the peer ID of the peer record. Any combination was considered valid. This allows an attacker to republish an existing PeerRecord with a different PeerId...

4.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/02/05 12:0 p.m.•19 views

Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64

Impact Affected versions of this crate incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a 32-bit target can be smaller than AtomicI,U64. This can cause the following problems: - Unaligned memory accesses - Data race Crates usin...

8.1CVSS1AI score0.01239EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2022/02/01 12:0 p.m.•21 views

json is unmaintained

Last release was almost 3 years ago. The maintainer is unresponsive with outstanding issues. One of the outstanding issues include a possible soundness issue. Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - jzon maintained fork of jso...

7.2AI score
Exploits0
RustSec
RustSec
•added 2022/01/26 12:0 p.m.•35 views

Multiple soundness issues in `owning_ref`

OwningRef::mapwithowner is unsound and may result in a use-after-free. - OwningRef::map is unsound and may result in a use-after-free. - OwningRefMut::asowner and OwningRefMut::asownermut are unsound and may result in a use-after-free. - The crate violates Rust's aliasing rules, which may cause...

7.1AI score
Exploits0
RustSec
RustSec
•added 2022/01/26 12:0 p.m.•13 views

xml-rs is Unmaintained

xml-rs is a XML parser has open issues around parsing including integer overflows / panics that may or may not be an issue with untrusted data. Together with these open issues with Unmaintained status xml-rs may or may not be suited to parse untrusted data. Alternatives - quick-xml...

5.1AI score
Exploits0
RustSec
RustSec
•added 2022/01/24 12:0 p.m.•15 views

A malicious coder can get unsound access to TCell or TLCell memory

This is impossible to do by accident, but by carefully constructing marker types to be covariant, a malicious coder can cheat the singleton check in TCellOwner and TLCellOwner, giving unsound access to cell memory. This could take the form of getting two mutable references to the same memory, or ...

3.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/23 12:0 p.m.•27 views

Data race in `Iter` and `IterMut`

In the affected version of this crate, Iter, IterMut::next used a weaker memory ordering when loading values than what was required, exposing a potential data race when iterating over a ThreadLocal's values. Crates using Iter::next, or IterMut::next are affected by this issue...

4.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/22 12:0 p.m.•15 views

crate has been renamed to `ftdi-embedded-hal`

This crate has been renamed from ftd2xx-embedded-hal to ftdi-embedded-hal. The new repository location is:...

6.9AI score
Exploits0
RustSec
RustSec
•added 2022/01/21 12:0 p.m.•17 views

Improper validation of Windows paths could lead to directory traversal attack

towerhttp::services::fs::ServeDir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. This only...

4.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/19 12:0 p.m.•21 views

Space bug in `clean_text`

An incorrect mapping from HTML specification to ASCII codes was used. Because HTML treats the Form Feed as whitespace, code like this has an injection bug: let html = format!"", cleantextusersuppliedstring; Applications are not affected if they quote their attributes, or if they don't use cleante...

1.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/17 12:0 p.m.•14 views

project abandoned

Alternatives: - odbc-api - rs-odbc...

1.8AI score
Exploits0
RustSec
RustSec
•added 2022/01/17 12:0 p.m.•14 views

`markdown` (1.0.0 and higher) is maintained

A new markdown crate has been brought over by a new maintainer replacing the old crate. The crate GitHub repository is now wooorm/markdown-rs This advisory has been withdraw since version 1.0.0 was released on 2025-04-23. markdown 0.3.0 and lower was unmaintained The old markdown crate was no...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/17 12:0 p.m.•15 views

project abandoned

The r2d2-odbc-api crate might be an alternative...

1.4AI score
Exploits0
RustSec
RustSec
•added 2022/01/14 12:0 p.m.•14 views

Improper validation of Windows paths could lead to directory traversal attack

Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. Th...

4.6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/14 12:0 p.m.•14 views

Use-after-free due to a lifetime error in `Vec::into_iter()`

In affected versions of this crate, the lifetime of the iterator produced by Vec::intoiter is not constrained to the lifetime of the Bump that allocated the vector's memory. Using the iterator after the Bump is dropped causes use-after-free accesses. The following example demonstrates memory...

2.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/10 12:0 p.m.•15 views

Unsoundness in `dashmap` references

Reference returned by some methods of Ref and similar types may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault. More information in dashmap167 issue...

2.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/05 12:0 p.m.•24 views

lmdb is unmaintained, use lmdb-rkv instead

The lmdb crate hasn't had any updates since August 2018. Mozilla's lmdb-rkv fork of the crate has received additional maintenance work beyond that and is the best available replacement...

1.8AI score
Exploits0
RustSec
RustSec
•added 2022/01/02 12:0 p.m.•11 views

Delegate functions are missing `Send` bound

Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior. The flaw was corrected in commit afe3252 by adding Send bounds...

3.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2022/01/01 12:0 p.m.•16 views

Stack overflow in rustc_serialize when parsing deeply nested JSON

When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...

3.6AI score
Exploits0
RustSec
RustSec
•added 2021/12/27 12:0 p.m.•13 views

rental is unmaintained, author has moved on

The author encourages users to explore other solutions, or maintain a fork. Maintained alternatives include: ouroboros fortify escher...

2.8AI score
Exploits0
RustSec
RustSec
•added 2021/12/25 12:0 p.m.•16 views

cargo-download is unmaintained

The cargo download subcommand via cargo-download crate is broken and maintainer has disappeared from GitHub and hasn't had any commits for a year. Using this downloader will result to corrupted crates. Maintainer has not responded to maintenance takeover. Just use wget / curl directly...

2.2AI score
Exploits0
RustSec
RustSec
•added 2021/12/24 12:0 p.m.•14 views

dotenv is Unmaintained

dotenv by description is meant to be used in development or testing only. Using this in production may or may not be advisable. Alternatives The below may or may not be feasible alternatives: - dotenvy...

1.7AI score
Exploits0
RustSec
RustSec
•added 2021/12/24 12:0 p.m.•16 views

dotenv is Unmaintained

dotenv by description is meant to be used in development or testing only. Using this in production may or may not be advisable. Alternatives The below may or may not be feasible alternatives: - dotenvycodegenimpl...

1.8AI score
Exploits0
RustSec
RustSec
•added 2021/12/21 12:0 p.m.•14 views

Use after free in lru crate

Lru crate has use after free vulnerability. Lru crate has two functions for getting an iterator. Both iterators give references to key and value. Calling specific functions, like pop, will remove and free the value, and but it's still possible to access the reference of value which is already...

7.5CVSS3AI score0.0118EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/12/20 12:0 p.m.•34 views

Integer overflow in the bundled Brotli C library

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. If one cannot update the C library, its...

3.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2021/12/20 12:0 p.m.•49 views

Integer overflow in the bundled Brotli C library

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. An updated version of brotli-sys has not...

6.5CVSS3.2AI score0.03217EPSS
Exploits0
RustSec
RustSec
•added 2021/12/14 12:0 p.m.•40 views

Invalid handling of `X509_verify_cert()` internal errors in libssl

Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

7.5CVSS1AI score0.50099EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/12/07 12:0 p.m.•24 views

Incorrect Lifetime Bounds on Closures in `rusqlite`

The lifetime bound on several closure-accepting rusqlite functions specifically, functions which register a callback to be later invoked by SQLite was too relaxed. If a closure referencing borrowed values on the stack is was passed to one of these functions, it could allow Rust code to access...

7.5CVSS2.9AI score0.0118EPSS
Exploits7Affected Software1
Total number of security vulnerabilities1141