1141 matches found
WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph For more information see the GitHub-hosted security advisory...
PAX Header Desynchronization in astral-tokio-tar
Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...
Read-only volume remount bypass via guest CAP_SYS_ADMIN
Affected versions of boxlite mount host directories shared via virtiofs as guest-side read-only by setting MSRDONLY from the guest. Because the default guest capability set included CAPSYSADMIN, untrusted code running inside a sandbox could execute mount -o remount,rw to re-flag the share as...
OCI layer symlink escape → arbitrary host write
Affected versions of boxlite extract OCI image layer tarballs without fully containing path resolution to the extraction root. A crafted layer containing a symlink whose target is an absolute on-host path e.g. escape - /tmp followed by a file entry that resolves through that symlink e.g...
Unbounded 32-bit allocation
Both the SSH agent server and client accepted peer-controlled frame lengths without enforcing a maximum frame size. This could cause large memory allocations while parsing a maliciously crafted agent frame. A malicious peer could advertise an oversized frame length, causing the client or server t...
Unchecked `CryptoVec` allocation and growth handling
CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...
Double-free in `vmem` storage reachable from safe Rust (predecessor of `oneringbuf`)
mutringbuf is the archived predecessor of oneringbuf — the crate was renamed and the GitHub repository was archived on 2025-11-20. All released versions up to 1.0.0 carry the same vmem-feature double-free bug that affects oneringbuf, with the same code paths and the same reproduction shape. When...
TLS hostname verification disabled when using Boring TLS backend
An inverted-boolean bug in lettre's boring-tls integration silently disables TLS hostname verification for callers using the default strict configuration. An on-path attacker presenting any chain-valid certificate for any domain can intercept SMTP submission, including PLAIN/LOGIN credentials and...
Double-free in `vmem` storage reachable from safe Rust
When the vmem feature is enabled, VmemStorage::newBox and every public constructor that funnels through it — ConcurrentHeapRB::defaultcap, ConcurrentHeapRB::fromVec, From, etc. bit-copies the input buffer into a freshly mmap'd region with ptr::copynonoverlapping, then lets the source Box drop...
Potential undefined behavior with Signature from a buffer-created BlameHunk
When a Blame is created via Blame::blamebuffer, and a BlameHunk is retrieved, the pointers to the original author, original committer, final author, and final committer may be null if unavailable. The corresponding BlameHunk methods then create Signatures based on null pointers; attempting to...
Potential undefined behavior when calling Remote::list()
When calling Remote::list for a remote of a git repository, when that remote does not advertise any references, git2 passes a null pointer to the unsafe function slice::fromrawparts. Based on the safety section documentation of function, data must be non-null even for slices of length zero. Thus,...
DNS rebinding and cross-origin CSRF in dynoxide's MCP HTTP transport
dynoxide's MCP HTTP transport was vulnerable to DNS rebinding via its transitive rmcp dependency, plus a related cross-origin CSRF gap. A malicious web page could make the user's browser send requests to a local dynoxide mcp --http or dynoxide serve --mcp server with a non-loopback Host header,...
`InterfaceAccount` allows account substitution between unexpected types
Affected versions of anchor-lang allowed InterfaceAccount to accept accounts with an unexpected Anchor discriminator. A change to InterfaceAccount caused checked deserialization to be bypassed for this account wrapper, so validation proved only that the account owner matched one of the accepted...
`Program<System>` accepts arbitrary executable programs
Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...
Denial of service in Steamworks game clients/servers using P2P authentication
Processing the raw ValidateAuthTicketResponset callback data panics when the meAuthSessionResponse field is kEAuthSessionResponseAuthTicketNetworkIdentityFailure. This can lead to denial of service in game clients and servers using the beginauthenticationsession API to authenticate players if a...
Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
Double-free and use-after-free in `Keys::next()`
Keys::next uses ptr::read to move out the Option by value, which drops the contained V when V is non-Copy e.g. String. This leaves a dangling value in the map's storage slot. Subsequent get operations on that key return a dangling reference to already-freed memory. This can be triggered through...
Double-free in `Chomp::inner()`
Chomp::inner uses std::ptr::readunaligned to move out the value from a raw pointer. If the original value is an owned type e.g. Box, calling inner moves out the ownership, but the original variable will still be dropped at the end of its scope. This causes the same heap memory to be freed twice,...
Null-pointer dereference and double-free via safe APIs
Two soundness violations exist in the Rust bindings for MetaCall: Null-pointer dereference: MetaCallFuture::newraw accepts a raw pointer without validation. The Debug impl calls Box::fromrawself.data on it. Passing a null pointer causes the Debug impl to construct a NonNull from null, producing...
Potential out-of-bounds write via public `Context` fields
The Context struct has all fields public pub dlen, pub digest, etc.. Code from other modules within the same crate can directly modify dlen to a value exceeding the digest vector length. When reset is subsequently called, self.digestself.dlen as usize = 0 becomes an out-of-bounds write. Withdrawa...
Buffer overflow in `Clusterings::from_i32_column_major_order()`
The fromi32columnmajororder method can create inconsistent internal state. When labels length and nitems mismatch, nclusterings becomes labels.len / nitems truncated, but subsequent calls to label use indices that exceed the internal data bounds, causing a buffer overflow. For example,...
Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption
In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...
Out-of-bounds read/write in `Index` and `IndexMut` implementations
The Index and IndexMut implementations for Caja use unchecked pointer arithmetic without bounds validation. Creating a Caja with a small key and then accessing an out-of-range index causes out-of-bounds reads or writes beyond the allocated memory. This can be triggered through safe public APIs —...
Invalid pointer arithmetic in `iter()` and `iter_mut()`
The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...
Out-of-bounds read in `bytes_helper` public safe functions
The byteshelper module contains multiple public functions intoarr4, intoarr2, u8fromlebytes that use slice.getuncheckedpos..pos + N without verifying that pos + N = slice.len. These are public safe API functions, allowing any caller to trigger undefined behavior by passing invalid positions. For...
NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...
CPU exhaustion during message encoding due to O(n²) name compression
During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...
NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
The NSEC3 closest-encloser proof validation in hickory-net's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA...
Fragile bounds check when sampling from image
A read of pixels was coded as modifying coordinates to lie within the image bounds. It would calculate a coordinate by adding a constant to an input and taking the minimum of the resulting coordinate and 'dimension - 1'. This would not protect against malicious inputs that could overflow the...
Fragile bounds check when sampling from image
A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...
Improper check of an invariant resulting in incorrect bounds checks
A bounds verification of a slice storage of a 2-dimensional matrix's coefficients a kernel would compare the total size against the product of individual dimensions. This would erroneously cast after the multiplication and consequently fail to detect possible violations when overflow occurs...
Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...
Panic when allocating a table exceeding the size of the host's address space
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg For more information see the GitHub-hosted security advisory...
DNS rebinding vulnerability in rmcp Streamable HTTP server transport
Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send requests to an MCP server running on the victim's loopback or private-network interface. An attacker wh...
`unpack_in` can chmod arbitrary directories by following symlinks
In versions 0.6.0 and earlier of astral-tokio-tar, the unpackin API could inadvertently modify the permissions of external i.e. non-archive directories outside of the archive. An attacker could use this to contrite a tar archive that maliciously changes directory permissions outside of its intend...
PAX Header Desynchronization in astral-tokio-tar
Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...
AVX2 Implementation Did Not Fully Reduce Intermediate Values
The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation. Impact We are not aware of inputs to the public key generation, signing or...
Unsound transmute while debug/display printing batch Insert statements in Diesel's SQLite backend
Diesel allows users to output the generated SQL for any query DSL construct via th diesel::debugquery function as Display and Debug output. For the particular implementation used by batch Insert statements in the SQLite backend Diesel relied on an unspecified transmute between types with a reprru...
Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel relies on libmysqlclient for interacting with Mysql compatible databases. This library requires to provide date/time values according to the byte layout of their MYSQLTIME type. Diesel replicated this type as reprC struct, populated all the fields of this struct and then casted this value ...
Possible unaligned data access for implementations of `SqliteAggregate`
Diesel allows to register custom aggregate SQL functions for SQLite via the SqliteAggregate interface. To store an instance of the custom aggregate processor Diesel relied on the sqlite3aggregatecontext function provided by sqlite. This function doesn't provide any guarantees about alignment of t...
Possible UTF-8 corruption in Diesels SQLite backend
Diesel uses the sqlite3valuetext function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding SQLite documentation that this function always returns a UTF-8 encoded string values as const cchar. Based on that we used str::fromutf8unchecked to...
Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`
Diesel allows users to configure various options for PostgreSQL's COPY FROM and COPY TO statements. These configurations are partially provided as strings or characters. Diesel did not check if any these user-provided options contain a quote character ', which can lead to the injection of...
`sui-execution-cut` was removed from crates.io for malicious code
sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
Potential use-after-free due to lack of panic safety in `InlineVec::clear` and `SerVec::clear`
InlineVec::clear and SerVec::clear in rkyv were not panic-safe. Both functions iterate over their elements and call dropinplace on each, updating self.len only after the loop. If an element's Drop implementation panics during the loop, self.len is left at its original value. A subsequent invocati...
bare-metal is deprecated
The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...
`mysten-metrics` was removed from crates.io for malicious code
mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation
The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL sections...
Reachable panic in certificate revocation list parsing
A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...
Broken hard revocation handling
Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...
Name constraints were accepted for certificates asserting a wildcard name
Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, .example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very simila...