Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2021/02/09 12:0 p.m.•25 views

Use after free possible in `uri::Formatter` on panic

Affected versions of this crate transmuted a &str to a &'static str before pushing it into a StackVec, this value was then popped later in the same function. This was assumed to be safe because the reference would be valid while the method's stack was active. In between the push and the pop,...

7.5CVSS1.2AI score0.01025EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/02/05 12:0 p.m.•18 views

Multiple Transfer-Encoding headers misinterprets request payload

hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can...

8.1CVSS1.4AI score0.04771EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/02/04 12:0 p.m.•16 views

office is unmaintained, use calamine instead

The office crate is unmaintained. Use calamine for reading excel files. Contact the office author for ownership of the package name...

3.3AI score
Exploits0
RustSec
RustSec
•added 2021/02/04 12:0 p.m.•15 views

Multiple soundness issues

Calls std::str::fromutf8unchecked without any checks The function xcb::xproto::GetAtomNameReply::name calls std::str::fromutf8unchecked on the raw bytes that were received from the X11 server without any validity checks. The X11 server only prevents interior null bytes, but otherwise allows any X...

9.8CVSS1.3AI score0.01754EPSS
Exploits3Affected Software1
RustSec
RustSec
•added 2021/02/03 12:0 p.m.•18 views

Window can read out of bounds if Read instance returns more bytes than buffer size

rdiff performs a diff of two provided strings or files. As part of its reading code it uses the return value of a Read instance to set the length of its internal character vector. If the Read implementation claims that it has read more bytes than the length of the provided buffer, the length of t...

7.5CVSS2AI score0.01059EPSS
Exploits0
RustSec
RustSec
•added 2021/02/03 12:0 p.m.•19 views

insert_slice_clone can double drop if Clone panics.

Affected versions of this crate used ptr::copy when inserting into the middle of a Vec. When ownership was temporarily duplicated during this copy, it calls the clone method of a user provided element. This issue can result in an element being double-freed if the clone call panics. Commit 20cb73d...

5.3CVSS3AI score0.01359EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/31 12:0 p.m.•25 views

KeyValueReader passes uninitialized memory to Read instance

The KeyValueReader type in affected versions of this crate set up an uninitialized memory buffer and passed them to be read in to a user-provided Read instance. The Read instance could read uninitialized memory and cause undefined behavior and miscompilations. This issue was fixed in commit dd59b...

9.8CVSS5.2AI score0.011EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/31 12:0 p.m.•23 views

split_at allows obtaining multiple mutable references to the same data

Affected versions of this crate assumed that Borrow was guaranteed to return the same value on .borrow. The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow implementation returned a different index, the split arena would allow retrieving the index as a...

9.8CVSS3.1AI score0.01377EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/30 12:0 p.m.•25 views

`Read` on uninitialized buffer may cause UB (`impl Walue for Vec<u8>`)

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

7.5CVSS2.8AI score0.01489EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/29 12:0 p.m.•9 views

nphysics2d is unmaintained

The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Rapier project...

3.4AI score
Exploits0
RustSec
RustSec
•added 2021/01/29 12:0 p.m.•12 views

ncollide3d is unmaintained

The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Parry project...

3.4AI score
Exploits0
RustSec
RustSec
•added 2021/01/29 12:0 p.m.•11 views

nphysics3d is unmaintained

The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Rapier project...

3.4AI score
Exploits0
RustSec
RustSec
•added 2021/01/29 12:0 p.m.•11 views

ncollide2d is unmaintained

The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Parry project...

3.4AI score
Exploits0
RustSec
RustSec
•added 2021/01/26 12:0 p.m.•25 views

Record::read : Custom `Read` on uninitialized buffer may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized...

7.5CVSS3.2AI score0.01498EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/26 12:0 p.m.•15 views

`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

7.5CVSS3.9AI score0.01557EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/26 12:0 p.m.•21 views

Deserialization functions pass uninitialized memory to user-provided Read

Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in: deserializebinary deserializestring deserializeextensionothers deserializestringprimitive This can result in safe Read implementations reading from the uninitialized buffer leading to undefined...

4.2AI score
Exploits0
RustSec
RustSec
•added 2021/01/26 12:0 p.m.•23 views

insert_many can drop elements twice on panic

Affected versions of insertmany used ptr::copy to move over items in a vector to make space before inserting, duplicating their ownership. It then iterated over a provided Iterator to insert the new items. If the iterator's .next method panics then the vector would drop the same elements twice...

7.5CVSS4.2AI score0.01135EPSS
Exploits1
RustSec
RustSec
•added 2021/01/21 12:0 p.m.•11 views

Improper validation of Windows paths could lead to directory traversal attack

towerhttp::services::fs::ServeDir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. This only...

4.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/20 12:0 p.m.•24 views

Soundness issues in `raw-cpuid`

Undefined behavior in asstring methods VendorInfo::asstring, SoCVendorBrand::asstring, and ExtendedFunctionInfo::processorbrandstring construct byte slices using std::slice::fromrawparts, with data coming from reprRust structs. This is always undefined behavior. See...

7.5CVSS0.8AI score0.01261EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/20 12:0 p.m.•10 views

`out_reference::Out::from_raw` should be `unsafe`

Out::fromraw in affected versions allows writing a value to invalid memory address without requiring unsafe. The soundness issue has been addressed by making Out::fromraw an unsafe function...

4.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/20 12:0 p.m.•24 views

QueryInterface should call AddRef before returning pointer

Affected version of this crate, which is a required dependency in com-impl, provides a faulty implementation of the IUnknown::QueryInterface method. QueryInterface implementation must call IUnknown::AddRef before returning the pointer, as describe in this documentation: As it is not incrementing...

7.5CVSS1.7AI score0.01053EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/20 12:0 p.m.•16 views

Optional `Deserialize` implementations lacking validation

When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to: Undefined behavior in asstring methods which use std::str::fromutf8unchecked internally. Panics due to failed...

9.8CVSS1.6AI score0.01123EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/17 12:0 p.m.•16 views

Missing Send bound for Lazy

All current versions of this crate allow causing data races in safe code. The flaw will be fixed in the next release...

5.3CVSS3.3AI score0.01314EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/12 12:0 p.m.•20 views

panic safety: double drop or uninitialized drop of T upon panic

Affected versions of this crate did not guard against potential panics that may happen from user-provided functions T::default and T::drop. Panic within T::default leads to dropping uninitialized T, when it is invoked from common::Slice::::new. Panic within T::drop leads to double drop of T, when...

2.5AI score
Exploits0
RustSec
RustSec
•added 2021/01/12 12:0 p.m.•18 views

panic safety: double drop may happen within `util::{mutate, mutate2}`

Upon panic in a user-provided function f, fn mutate & fn mutate2 drops twice a same object. Affected versions of this crate did not guard against double drop while temporarily duplicating an object's ownership with ptr::read. Dropping a same object can result in memory corruption. The flaw was...

9.8CVSS1.1AI score0.01552EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/11 12:0 p.m.•22 views

FromIterator implementation for Vector/Matrix can drop uninitialized memory

The FromIterator methods for Vector and Matrix rely on the type parameter N to allocate space in the iterable. If the passed in N type parameter is larger than the number of items returned by the iterator, it can lead to uninitialized memory being left in the Vector or Matrix type which gets...

9.8CVSS3.1AI score0.01326EPSS
Exploits1
RustSec
RustSec
•added 2021/01/10 12:0 p.m.•26 views

Double drop upon panic in 'fn map_array()'

Affected versions of this crate did not guard against panic within the user-provided function f 2nd parameter of fn maparray, and thus panic within f causes double drop of a single object. The flaw was corrected in the 0.4.0 release by wrapping the object vulnerable to a double drop within...

7.5CVSS2.5AI score0.0139EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/10 12:0 p.m.•27 views

panic safety issue in `impl TransformContent<S, D> for [S; (2|3|4)]`

Affected versions of this crate did not guard against double drop while temporarily duplicating objects' ownership using ptr::read. Upon panic in a user-provided function conversion, objects that are copied by ptr::read are dropped twice, leading to memory corruption. The flaw was corrected in...

7.5CVSS2.1AI score0.01327EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/08 12:0 p.m.•18 views

Buffer overflow in SmallVec::insert_many

A bug in the SmallVec::insertmany method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insertmany yielded more items than the...

9.8CVSS1.1AI score0.01666EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•24 views

columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation ColumnarReadExt::readtypedvec. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading...

9.8CVSS3.2AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•21 views

Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS3.8AI score0.01191EPSS
Exploits0
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•18 views

`Read` on uninitialized buffer may cause UB ( `read_entry()` )

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. There are two of such cases gooffsetlog::readentry & offsetlog::readentry. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect...

9.8CVSS3.4AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•18 views

`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`

fn Frame::copyfromrawparts is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may...

7.5CVSS1AI score0.01327EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•17 views

Reading on uninitialized memory may cause UB ( `util::read_spv()` )

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS3.9AI score0.01345EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/07 12:0 p.m.•21 views

Loading a bgzip block can write out of bounds if size overflows.

Affected versions of bam set the length of an internal buffer using self.compressed.setlenblocksize - HEADERSIZE - MINEXTRASIZE and then wrote into it. While blocksize was constrained to a proper maximum, when it was too small the subtraction could overflow negatively to a large number past the...

9.8CVSS2.4AI score0.01167EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/06 12:0 p.m.•23 views

`Sectors::get` accesses unclaimed/uninitialized memory

Affected versions of this crate arbitrarily calls Vec::setlen to increase length of a vector without claiming more memory for the vector. Affected versions of this crate also calls user-provided Read on the uninitialized memory of the vector that was extended with Vec::setlen. This can overwrite...

9.8CVSS3AI score0.01728EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/05 12:0 p.m.•23 views

`Read` on uninitialized memory may cause UB (fn preamble_skipcount())

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation within fn preambleskipcount. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading fro...

9.8CVSS3.6AI score0.01191EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/04 12:0 p.m.•22 views

panic in user-provided `Endian` impl triggers double drop of T

Affected versions of the crate does not guard against panic from user-provided impl of Endian trait, which is a safe trait that users can implement. If a user-provided implementation of the Endian trait panics, double-drop is triggered due to the duplicated ownership of T created by ptr::read...

7.5CVSS3.2AI score0.01135EPSS
Exploits1
RustSec
RustSec
•added 2021/01/04 12:0 p.m.•23 views

EventList's From<EventList> conversions can double drop on panic.

Affected versions of this crate read from a container using ptr::read in From, and then call a user specified Into function. This issue can result in a double-free if the user provided function panics...

7.5CVSS2.9AI score0.01327EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/04 12:0 p.m.•18 views

kamadak-exif DoS with untrusted PNG data

Attacker crafted data can cause a infinite loop leading to DoS if used with untrusted data...

6.5CVSS2.5AI score0.01515EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/04 12:0 p.m.•12 views

interfaces2 is unmaintained, use interfaces instead

The interfaces2 crate is not maintained any more; use interfaces instead...

1.6AI score
Exploits0
RustSec
RustSec
•added 2021/01/04 12:0 p.m.•23 views

XSS in mdBook's search page

This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

8.2CVSS3.1AI score0.01254EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2021/01/03 12:0 p.m.•20 views

`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

9.8CVSS3.7AI score0.01191EPSS
Exploits0
RustSec
RustSec
•added 2021/01/03 12:0 p.m.•19 views

'Read' on uninitialized memory may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. The crate currently contains 4 occurrences of such cases. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes...

9.8CVSS3AI score0.01191EPSS
Exploits0
RustSec
RustSec
•added 2021/01/02 12:0 p.m.•22 views

Reading uninitialized memory can cause UB (`Deserializer::read_vec`)

Deserializer::readvec created an uninitialized buffer and passes it to a user-provided Read implementation Deserializer.reader.readexact. Passing an uninitialized buffer to an arbitrary Read implementation is currently defined as undefined behavior in Rust. Official documentation for the Read tra...

9.8CVSS2AI score0.01688EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/02 12:0 p.m.•18 views

reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)

Affected versions of this crate creates an uninitialized buffer and passes it to user-provided Read implementation. This is unsound, because it allows safe Rust code to exhibit an undefined behavior read from uninitialized memory. The flaw was corrected in version 0.1.1 by zero-initializing a new...

9.1CVSS3.4AI score0.01642EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2021/01/01 12:0 p.m.•24 views

Exposes internally used raw pointer

Affected versions of this crate dereference a raw pointer that can be modified without using unsafe code...

7.5CVSS3.4AI score0.01397EPSS
Exploits1
RustSec
RustSec
•added 2020/12/31 12:0 p.m.•15 views

`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

Affected versions of this crate calls a user provided Read implementation on an uninitialized buffer. Read on uninitialized buffer is defined as undefined behavior in Rust...

7.5CVSS3.5AI score0.01059EPSS
Exploits0
RustSec
RustSec
•added 2020/12/31 12:0 p.m.•16 views

`FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory

Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...

9.8CVSS5.5AI score0.01119EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/12/31 12:0 p.m.•17 views

`impl Random` on arrays can lead to dropping uninitialized memory

Affected versions of this crate had a panic safety issue to drop partially uninitialized array of T upon panic in a user provided function T::random. Dropping uninitialized T can potentially cause memory corruption or undefined behavior. The flaw was corrected in commit 565d508 by using MaybeUnin...

7.8CVSS2.9AI score0.00426EPSS
Exploits1Affected Software1
Total number of security vulnerabilities1141