Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
added 2021/12/05 12:0 p.m.23 views

`encoding` is unmaintained

Last release was on 2016-08-28. The issue inquiring as to the status of the crate has gone unanswered by the maintainer. Possible alternatives - encodingrs...

2.2AI score
Exploits0
RustSec
RustSec
added 2021/11/30 12:0 p.m.9 views

Use After Free in lucet-runtime

There is a bug in the main branch of Lucet's lucet-runtime that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this...

8.5CVSS6.8AI score0.01566EPSS
Exploits1
RustSec
RustSec
added 2021/11/29 12:0 p.m.41 views

RustEmbed generated `get` method allows for directory traversal when reading files from disk

When running in debug mode and the debug-embed off by default feature is not enabled, the generated get method does not check that the input path is a child of the folder given. This allows attackers to read arbitrary files in the file system if they have control over the filename given. The...

7.5CVSS3.2AI score0.01593EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/11/16 12:0 p.m.26 views

Data race when sending and receiving after closing a `oneshot` channel

If a tokio::sync::oneshot channel is closed via the oneshot::Receiver::close method, a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling tryrecv. When these methods are called concurrently on a closed channel, the two...

8.1CVSS0.8AI score0.01162EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/11/14 12:0 p.m.30 views

Converting `NSString` to a String Truncates at Null Bytes

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::fromptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...

7.5CVSS1.5AI score0.01314EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/11/14 12:0 p.m.18 views

Panic on incorrect date input to `simple_asn1`

Version 0.6.0 of the simpleasn1 crate panics on certain malformed inputs to its parsing functions, including fromder and derdecode. Because this crate is frequently used with inputs from the network, this should be considered a security vulnerability. The issue occurs when parsing the old ASN.1...

7.5CVSS2.4AI score0.0134EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/10/31 12:0 p.m.18 views

Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. For example, if generated code is used to decode malformed or untrusted input, undefined behavior and thus security vulnerabilities is possible even without...

0.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2021/10/22 12:0 p.m.25 views

sodiumoxide is deprecated

Alternatives may be found - not in any specific order: - libsodium-sys-stable - dryoc - RustCrypto/nacl-compat cryptobox, cryptokx, cryptosecretstream - RustCrypto/xsalsa20poly1305 cryptosecretbox - Signatory - ed25519-compact - ed25519-dalek - ring Recommendations can be also found from: - Aweso...

1.7AI score
Exploits0
RustSec
RustSec
added 2021/10/17 12:0 p.m.23 views

abomonation transmutes &T to and from &[u8] without sufficient constraints

This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...

7.5CVSS1.2AI score0.00972EPSS
Exploits0
RustSec
RustSec
added 2021/10/14 12:0 p.m.15 views

Incorrect use of `set_len` allows for un-initialized memory

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

1.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2021/10/08 12:0 p.m.15 views

Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

9.8CVSS2.1AI score0.00753EPSS
Exploits0
RustSec
RustSec
added 2021/10/04 12:0 p.m.14 views

traitobject is Unmaintained

Crate traitobject has not had a release for over five years. In addition there is an existing security advisory that has not been addressed: - RUSTSEC-2020-0027 Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - destructuretraitobject...

3.5AI score
Exploits0
RustSec
RustSec
added 2021/09/27 12:0 p.m.21 views

Out-of-bounds write in nix::unistd::getgrouplist

On certain platforms, if a user has more than 16 groups, the nix::unistd::getgrouplist function will call the libc getgrouplist function with a length parameter greater than the size of the buffer it provides, resulting in an out-of-bounds write and memory corruption. The libc getgrouplist functi...

9.8CVSS0.6AI score0.0165EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/24 12:0 p.m.23 views

`#[zeroize(drop)]` doesn't implement `Drop` for `enum`s

Affected versions of this crate did not implement Drop when zeroizedrop was used on an enum. This can result in memory not being zeroed out after dropping it, which is exactly what is intended when adding this attribute. The flaw was corrected in version 1.2 and zeroizedrop on enums now properly...

9.8CVSS3.7AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/23 12:0 p.m.18 views

Aliased mutable references from `tls_rand` & `TlsWyRand`

TlsWyRand's implementation of Deref unconditionally dereferences a raw pointer, and returns multiple mutable references to the same object, which is undefined behavior...

9.8CVSS2.7AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/17 12:0 p.m.48 views

Multiple Vulnerabilities in Wasmtime

Use after free passing externrefs to Wasm in Wasmtime Out-of-bounds read/write and invalid free with externrefs and GC safepoints in Wasmtime Wrong type for Linker-define functions when used across two Engines...

6.3CVSS2.4AI score0.00307EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/16 12:0 p.m.21 views

Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`

Affected versions of this crate maintains references to memory that might have been freed already. If affects the following two tremor-script language constructs: A Merge where we assign the result back to the target expression and the expression to be merged needs to reference the event: let sta...

9.8CVSS0.3AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/14 12:0 p.m.15 views

`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets

FixedSizeBinaryArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code...

2.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/14 12:0 p.m.12 views

`DecimalArray` does not perform bound checks on accessing values and offsets

DecimalArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code if the length of the backing buffer is not a multiple of 16...

2.4AI score
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/14 12:0 p.m.12 views

`BinaryArray` does not perform bound checks on reading values and offsets

BinaryArray performs insufficient validation on creation, which allows out-of-bounds reads in safe code...

3.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/10 12:0 p.m.5 views

Uninitalized memory read & leak caused by fuser crate

During creation of new libfuse session with fusesessionnew operation list was passed as NULL incorrectly. libfuse expects this argument to always point to list of operations. This caused uninitialized memory read and leaks in libfuse.so...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/08 12:0 p.m.19 views

Miscomputed results when using AVX2 backend

The v0.9.7 release of the sha2 crate introduced a new AVX2-accelerated backend which was automatically enabled for all x86/x8664 CPUs where AVX2 support was autodetected at runtime. This backend was buggy and would miscompute results for long messages i.e. messages spanning multiple SHA blocks. T...

9.8CVSS2.2AI score0.00805EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/09/01 12:0 p.m.8 views

`daemonize` is Unmaintained

Last release was over four years ago. The crate contains undocumented unsafe behind safe fns. An issue inquiring as to possible updates has gone unanswered by the maintainer. Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives: - daemonize-m...

3.4AI score
Exploits0
RustSec
RustSec
added 2021/08/25 12:0 p.m.15 views

Crate has been renamed to `cosmrs`

The cosmossdk crate, which provides a basic Rust SDK for the Cosmos ecosystem, has rebranded to “CosmRS” in the spirit of other projects like CosmJS and CosmWasm. You can find the new home here: https://github.com/cosmos/cosmos-rust/tree/main/cosmrs The new crate name is cosmrs:...

1.7AI score
Exploits0
RustSec
RustSec
added 2021/08/24 12:0 p.m.56 views

Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL 0 byt...

7.4CVSS7.8AI score0.50445EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/08/24 12:0 p.m.51 views

SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS9.5AI score0.87816EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/08/18 12:0 p.m.18 views

ansi_term is Unmaintained

The maintainer has advised that this crate is deprecated and will not receive any maintenance. The crate does not seem to have much dependencies and may or may not be ok to use as-is. Last release seems to have been three years ago. Possible Alternatives The below list has not been vetted in any...

7.2AI score
Exploits0
RustSec
RustSec
added 2021/08/16 12:0 p.m.16 views

spirv_headers is unmaintained, use spirv instead

Because of versioning issues; the spirvheaders crate is unmaintained. Use spirv for parsing spirv files...

2.9AI score
Exploits0
RustSec
RustSec
added 2021/08/15 12:0 p.m.19 views

serde_cbor is unmaintained

The serdecbor crate is unmaintained. The author has archived the github repository. Alternatives proposed by the author: ciborium minicbor...

2.3AI score
Exploits0
RustSec
RustSec
added 2021/08/14 12:0 p.m.21 views

vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...

7.5CVSS3.7AI score0.01053EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/30 12:0 p.m.27 views

Data race in crossbeam-deque

In the affected version of this crate, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this stil...

9.8CVSS0.6AI score0.01923EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/30 12:0 p.m.19 views

Partial read is incorrect in molecule

Anyone who uses totalsize.. function to partial read the length of any FixVec will get an incorrect result, due to an incorrect implementation. This has been resolved in the 0.7.2 release...

9.8CVSS2.6AI score0.01318EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/25 12:0 p.m.20 views

Remote memory exhaustion in ckb

In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...

7.8CVSS1.5AI score0.01466EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/25 12:0 p.m.22 views

Miner fails to get block template when a cell used as a cell dep has been destroyed.

Impact The RPC getblocktemplate fails when a cell has been used as a cell dep and an input in the different transactions. Say cell C is used as a dep group in the transaction A, and is destroyed in the transaction B. The node adds transaction A first, then B into the transaction pool. They are bo...

9.8CVSS0.6AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/25 12:0 p.m.19 views

Process crashes when the cell used as DepGroup is not alive

It's easy to create a malign transaction which uses the dead cell as the DepGroup in the DepCells. The transaction can crash all the receiving nodes...

7.8CVSS2AI score0.01088EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/22 12:0 p.m.18 views

`better-macro` has deliberate RCE to prove a point

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This is not a particularly novel or interesting observation. It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but...

9.8CVSS1.3AI score0.02567EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/19 12:0 p.m.15 views

Links in archive can create arbitrary directories

When unpacking a tarball that contains a symlink the tar crate may create directories outside of the directory it's supposed to unpack into. The function errors when it's trying to create a file, but the folders are already created at this point. rust use std::io, io::Result; use tar::Archive,...

7.5CVSS0.6AI score0.01392EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/15 12:0 p.m.24 views

Uncontrolled Search Path Element in sharkdp/bat

bat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution...

7.8CVSS2.8AI score0.00356EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/13 12:0 p.m.20 views

libsecp256k1 allows overflowing signatures

libsecp256k1 accepts signatures whose R or S parameter is larger than the secp256k1 curve order, which differs from other implementations. This could lead to invalid signatures being verified. The error is resolved in 0.5.0 by adding a checkoverflow flag...

9.8CVSS4.1AI score0.00935EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/12 12:0 p.m.20 views

Relative Path Traversal in git-delta

git-delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...

7.8CVSS4.6AI score0.00422EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/07/08 12:0 p.m.29 views

Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic

Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime. It is recommended to upgrade to prost-types v0.8 and switch the usage of From for SystemTime to TryFrom for SystemTime. See 438 for more informatio...

7.5CVSS3.6AI score0.01103EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/08 12:0 p.m.28 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS

Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...

6.1CVSS1.3AI score0.00702EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/08 12:0 p.m.20 views

Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems

Versions 0.2.0 to 0.3.0 of ark-r1cs-std did not enforce any constraints in the FieldVar::mulbyinverse method, allowing a malicious prover to produce an unsound proof that passes all verifier checks. This method was used primarily in scalar multiplication for shortweierstrass::ProjectiveVar. This...

9.8CVSS4.8AI score0.01275EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/07 12:0 p.m.20 views

Lenient `hyper` header parsing of `Content-Length` could allow request smuggling

hyper's HTTP header parser accepted, according to RFC 7230, illegal contents inside Content-Length headers. Due to this, upstream HTTP proxies that ignore the header may still forward them along if it chooses to ignore the error. To be vulnerable, hyper must be used as an HTTP/1 server and using ...

5.3CVSS0.3AI score0.00886EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/07 12:0 p.m.23 views

Integer overflow in `hyper`'s parsing of the `Transfer-Encoding` header leads to data loss

When decoding chunk sizes that are too large, hyper's code would encounter an integer overflow. Depending on the situation, this could lead to data loss from an incorrect total size, or in rarer cases, a request smuggling attack. To be vulnerable, you must be using hyper for any HTTP/1 purpose,...

9.1CVSS3AI score0.01133EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/07 12:0 p.m.31 views

Task dropped in wrong thread when aborting `LocalSet` task

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet. This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for bett...

5.9CVSS0.9AI score0.00836EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/07/04 12:0 p.m.25 views

Potential unaligned read

On windows, atty dereferences a potentially unaligned pointer. In practice however, the pointer won't be unaligned unless a custom global allocator is used. In particular, the System allocator on windows uses HeapAlloc, which guarantees a large enough alignment. atty is Unmaintained A Pull Reques...

6.8AI score
Exploits0
RustSec
RustSec
added 2021/06/16 12:0 p.m.18 views

Potential request smuggling capabilities due to lack of input validation

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS3.5AI score0.0181EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2021/06/12 12:0 p.m.24 views

`grep-cli` may run arbitrary executables on Windows

On Windows in versions of grep-cli prior to 0.1.6, it's possible for some of the routines to execute arbitrary executables. In particular, a quirk of the Windows process execution API is that it will automatically consider the current directory before other directories when resolving relative...

9.8CVSS3.5AI score0.01934EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2021/06/11 12:0 p.m.14 views

Triton VM Soundness Vulnerability due to Missing Constraint

The instruction spongeabsorbmem Triton VM fails to verify that hashed values come from the claimed memory location. Malicious provers can substitute arbitrary data instead of actual memory contents. Any application using instruction spongeabsorbmem to hash memory data can be given a proof for a...

5.6AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141