1141 matches found
`SegQueue` creates zero value of any type
Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...
Channel creates zero value of any type
Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...
malicious crate `rustdecimal`
The Rust Security Response WG and the crates.io team were notified1 on 2022-05-02 of the existence of the malicious crate rustdecimal, which contained malware. The crate name was intentionally similar to the name of the popular rustdecimal2 crate, hoping that potential victims would misspell its...
Timing attack
Affecting versions did not compare tokens in constant time, which could make it possible for an attacker to guess the 2fa token of a user. This has been fixed by using using the crate constanttimeeq for comparison...
Resource leakage when decoding certificates and keys
The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...
Incorrect MAC key used in the RC4-MD5 ciphersuite
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...
`OCSP_basic_verify` may incorrectly verify the response signing certificate
The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
`array!` macro is unsound when its length is impure constant
Affected versions of this crate did substitute the array length provided by an user at compile-time multiple times. When an impure constant expression is passed as an array length such as a result of an impure procedural macro, this can result in the initialization of an array with uninitialized...
Rusoto is unmaintained
The maintainers of Rusoto advise that all its crates are deprecated. This includes the common crates rusotocore, rusotosignature, rusotocredential, and service crates such as rusotos3 and rusotoec2. Users should migrate to the AWS SDK for Rust, which is maintained by AWS...
`rmp-serde` `Raw` and `RawRef` unsound
It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...
Use after free with `externref`s and epoch interruption in Wasmtime
Use after free with externrefs and epoch interruption in Wasmtime...
Use after free with `externref`s and epoch interruption in Wasmtime
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2. For more information see the GitHub-hosted security advisory...
pty is unmaintained
The repository hasn't received any updates since Jun 25, 2017 and the author is unresponsive. Maintained alternatives include: tokio-pty-process pty-process...
Infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
Regexes with large repetitions on empty sub-expressions take a very long time to parse
The Rust Security Response WG was notified that the regex crate did not properly limit the complexity of the regular expressions regex it parses. An attacker could use this security issue to perform a denial of service, by sending a specially crafted regex to a service accepting untrusted regexes...
Incorrect signature verification on gzip-compressed install images
The coreos-installer is a program to fetch a disk image and stream it to a target disk. During the installation process the installation image gpg signatures are verified. The signature verification can be bypassed for gzip-compressed images due to a flaw in gzip coreos-installer wrapper. When th...
Arrow2 allows double free in `safe` code
The struct FfiArrowArray implements deriveClone that is inconsistent with its custom implementation of Drop, resulting in a double free when cloned. Cloning this struct in safe results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...
Miscomputation when performing AES encryption in rust-crypto
The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...
Post-Quantum Signature scheme Rainbow level I parametersets broken
Ward Beullens found a practical key-recovery attack against Rainbow. The level I parametersets are removed from liboqs starting from version 0.7.2. Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop. This means all the oqs::sig::Algorithm::RainbowI variants are insecure...
enum_map macro can cause UB when `Enum` trait is incorrectly implemented
Affected versions of this crate did not properly check the length of an enum when using enummap! macro, trusting user-provided length. When the LENGTH in the Enum trait does not match the array length in the EnumArray trait, this can result in the initialization of the enum map with uninitialized...
Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-88xq-w8cq-xfg7. For more information see the GitHub-hosted security advisory...
`structopt` is in maintenance mode
structopt has been in maintenance mode, with no new development planned, since at least February of 2022. The status of structopt is discussed in a pinned issue. Recommended alternative The structopt derive wrapper was incorporated into clap v3. There is a migration guideclap-migration for...
Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`
Affected versions of this crate did not check that the public key the signature was created with matches the peer ID of the peer record. Any combination was considered valid. This allows an attacker to republish an existing PeerRecord with a different PeerId...
Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64
Impact Affected versions of this crate incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a 32-bit target can be smaller than AtomicI,U64. This can cause the following problems: - Unaligned memory accesses - Data race Crates usin...
json is unmaintained
Last release was almost 3 years ago. The maintainer is unresponsive with outstanding issues. One of the outstanding issues include a possible soundness issue. Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - jzon maintained fork of jso...
Multiple soundness issues in `owning_ref`
OwningRef::mapwithowner is unsound and may result in a use-after-free. - OwningRef::map is unsound and may result in a use-after-free. - OwningRefMut::asowner and OwningRefMut::asownermut are unsound and may result in a use-after-free. - The crate violates Rust's aliasing rules, which may cause...
xml-rs is Unmaintained
xml-rs is a XML parser has open issues around parsing including integer overflows / panics that may or may not be an issue with untrusted data. Together with these open issues with Unmaintained status xml-rs may or may not be suited to parse untrusted data. Alternatives - quick-xml...
A malicious coder can get unsound access to TCell or TLCell memory
This is impossible to do by accident, but by carefully constructing marker types to be covariant, a malicious coder can cheat the singleton check in TCellOwner and TLCellOwner, giving unsound access to cell memory. This could take the form of getting two mutable references to the same memory, or ...
Data race in `Iter` and `IterMut`
In the affected version of this crate, Iter, IterMut::next used a weaker memory ordering when loading values than what was required, exposing a potential data race when iterating over a ThreadLocal's values. Crates using Iter::next, or IterMut::next are affected by this issue...
crate has been renamed to `ftdi-embedded-hal`
This crate has been renamed from ftd2xx-embedded-hal to ftdi-embedded-hal. The new repository location is:...
Improper validation of Windows paths could lead to directory traversal attack
towerhttp::services::fs::ServeDir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. This only...
Space bug in `clean_text`
An incorrect mapping from HTML specification to ASCII codes was used. Because HTML treats the Form Feed as whitespace, code like this has an injection bug: let html = format!"", cleantextusersuppliedstring; Applications are not affected if they quote their attributes, or if they don't use cleante...
project abandoned
Alternatives: - odbc-api - rs-odbc...
`markdown` (1.0.0 and higher) is maintained
A new markdown crate has been brought over by a new maintainer replacing the old crate. The crate GitHub repository is now wooorm/markdown-rs This advisory has been withdraw since version 1.0.0 was released on 2025-04-23. markdown 0.3.0 and lower was unmaintained The old markdown crate was no...
project abandoned
The r2d2-odbc-api crate might be an alternative...
Improper validation of Windows paths could lead to directory traversal attack
Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. Th...
Use-after-free due to a lifetime error in `Vec::into_iter()`
In affected versions of this crate, the lifetime of the iterator produced by Vec::intoiter is not constrained to the lifetime of the Bump that allocated the vector's memory. Using the iterator after the Bump is dropped causes use-after-free accesses. The following example demonstrates memory...
Unsoundness in `dashmap` references
Reference returned by some methods of Ref and similar types may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault. More information in dashmap167 issue...
lmdb is unmaintained, use lmdb-rkv instead
The lmdb crate hasn't had any updates since August 2018. Mozilla's lmdb-rkv fork of the crate has received additional maintenance work beyond that and is the best available replacement...
Delegate functions are missing `Send` bound
Affected versions of this crate did not require event handlers to have Send bound despite there being no guarantee of them being called on any particular thread, which can potentially lead to data races and undefined behavior. The flaw was corrected in commit afe3252 by adding Send bounds...
Stack overflow in rustc_serialize when parsing deeply nested JSON
When parsing JSON using json::Json::fromstr, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is rust fn main let = rustcserialize::json::Json::fromstr&"0,".repeat10000;...
rental is unmaintained, author has moved on
The author encourages users to explore other solutions, or maintain a fork. Maintained alternatives include: ouroboros fortify escher...
cargo-download is unmaintained
The cargo download subcommand via cargo-download crate is broken and maintainer has disappeared from GitHub and hasn't had any commits for a year. Using this downloader will result to corrupted crates. Maintainer has not responded to maintenance takeover. Just use wget / curl directly...
dotenv is Unmaintained
dotenv by description is meant to be used in development or testing only. Using this in production may or may not be advisable. Alternatives The below may or may not be feasible alternatives: - dotenvy...
dotenv is Unmaintained
dotenv by description is meant to be used in development or testing only. Using this in production may or may not be advisable. Alternatives The below may or may not be feasible alternatives: - dotenvycodegenimpl...
Use after free in lru crate
Lru crate has use after free vulnerability. Lru crate has two functions for getting an iterator. Both iterators give references to key and value. Calling specific functions, like pop, will remove and free the value, and but it's still possible to access the reference of value which is already...
Integer overflow in the bundled Brotli C library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. If one cannot update the C library, its...
Integer overflow in the bundled Brotli C library
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. An updated version of brotli-sys has not...
Invalid handling of `X509_verify_cert()` internal errors in libssl
Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...
Incorrect Lifetime Bounds on Closures in `rusqlite`
The lifetime bound on several closure-accepting rusqlite functions specifically, functions which register a callback to be later invoked by SQLite was too relaxed. If a closure referencing borrowed values on the stack is was passed to one of these functions, it could allow Rust code to access...