Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2020/02/10 12:0 p.m.•10 views

slice-deque is unmaintained

The author of the slice-deque crate is unresponsive and is not receiving security patches. Maintained alternatives: - slice-ring-buffer...

2.4AI score
Exploits0
RustSec
RustSec
•added 2020/02/07 12:0 p.m.•9 views

multi_mut is Unmaintained

Last release was about 6 years ago. There is an outstanding soundness issue. The maintainer has not responded for two years to the existing soundness issue. Rust compiler has enabled errors relating to LLVM noalias rules and may not compile anymore where as the old compiler versions had turned...

7.2AI score
Exploits0
RustSec
RustSec
•added 2020/02/06 12:0 p.m.•13 views

`tokio-proto` is deprecated/unmaintained

The tokio-proto crate has been deprecated, and its GitHub repository has been archived. Users may be interested in tokio-tower instead, per https://github.com/tokio-rs/tokio/issues/118issuecomment-452969665...

0.6AI score
Exploits0
RustSec
RustSec
•added 2020/01/30 12:0 p.m.•21 views

Use-after-free in Framed due to lack of pinning

Affected versions of this crate did not require the buffer wrapped in Framed to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free. The flaw was corrected by making the affected functions accept Pin instead of &mut self...

9.8CVSS4.2AI score0.01629EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/01/24 12:0 p.m.•22 views

sigstack allocation bug can cause memory corruption or leak

An embedding using affected versions of lucet-runtime configured to use non-default Wasm globals sizes of more than 4KiB, or compiled in debug mode without optimizations, could leak data from the signal handler stack to guest programs. This can potentially cause data from the embedding host to le...

9.1CVSS1.1AI score0.01505EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/01/24 12:0 p.m.•28 views

Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could of lead to data corruption since two threa...

5.5CVSS1.5AI score0.00334EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/01/24 12:0 p.m.•18 views

Use-after-free in BodyStream due to lack of pinning

Affected versions of this crate did not require the buffer wrapped in BodyStream to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free. The flaw was corrected by making the trait MessageBody require Unpin and making pollnext function accept Pin...

7.5CVSS4AI score0.01406EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/01/24 12:0 p.m.•27 views

Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation

Affected versions of this crate passes an uninitialized buffer to a user-provided trait function AsyncRead::pollread. Arbitrary AsyncRead::pollread implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading...

9.8CVSS3.6AI score0.0123EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/01/22 12:0 p.m.•20 views

Observable Discrepancy in libsecp256k1-rs

A timing vulnerability in the Scalar::checkoverflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack...

5.9CVSS3.9AI score0.00881EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2020/01/21 12:0 p.m.•17 views

Threshold value is ignored (all shares are n=3)

Affected versions of this crate did not properly calculate secret shares requirements. This reduces the security of the algorithm by restricting the crate to always using a threshold value of three, rather than a configurable limit. The flaw was corrected by correctly configuring the threshold...

2.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/01/20 12:0 p.m.•16 views

rust_sodium is unmaintained; switch to a modern alternative

The rustsodium crate is no longer maintained by its current owner, who advise in the repository readme that they are looking for someone else to take ownership of it. We recommend you switch to an alternative crate such as: - sodiumoxide...

3.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2020/01/16 12:0 p.m.•26 views

Parsing a specially crafted message can result in a stack overflow

Affected versions of this crate contained a bug in which decoding untrusted input could overflow the stack. On architectures with stack probes like x86, this can be used for denial of service attacks, while on architectures without stack probes like ARM overflowing the stack is unsound and can...

9.8CVSS5.2AI score0.0326EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/01/08 12:0 p.m.•22 views

bespoke Cell implementation allows obtaining several mutable references to the same data

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...

9.1CVSS3.5AI score0.0141EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/01/08 12:0 p.m.•26 views

bespoke Cell implementation allows obtaining several mutable references to the same data

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...

5.5CVSS3.5AI score0.00374EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2020/01/06 12:0 p.m.•20 views

Stack overflow when resolving additional records from MX or SRV null targets

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'. Example effected zone record: text no-service...

7.5CVSS1.8AI score0.01439EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/11/21 12:0 p.m.•18 views

spin is no longer actively maintained

The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives all of which support nostd: - conquer-once - lockapi a subproject of parkinglot - spinningtop spinlock crate built on lockapi - spinning...

2.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2019/11/21 12:0 p.m.•20 views

crust repo has been archived; use libp2p instead

The crust crate repo was archived with no warning or explanation. Given that it was archived with no warning or successor, there's not an official replacement but rust-libp2p looks like it's got a similar feature set and is actively maintained...

2.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2019/11/16 12:0 p.m.•23 views

Integer Overflow in HeaderMap::reserve() can cause Denial of Service

HeaderMap::reserve used usize::nextpoweroftwo to calculate the increased capacity. However, nextpoweroftwo silently overflows to 0 if given a sufficiently large number in release mode. If the map was not empty when the overflow happens, the library will invoke self.grow0 and start infinite probin...

2.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2019/11/16 12:0 p.m.•21 views

HeaderMap::Drain API is unsound

Affected versions of this crate incorrectly used raw pointer, which introduced unsoundness in its public safe API. Failing to drop the Drain struct causes double-free, and it is possible to violate Rust's alias rule and cause data race with Drain's Iterator implementation. The flaw was corrected ...

9.8CVSS2.4AI score0.01812EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/11/13 12:0 p.m.•25 views

Type confusion if __private_get_type_id__ is overridden

Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...

9.8CVSS3.8AI score0.01487EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/22 12:0 p.m.•28 views

ChaCha20 counter overflow can expose repetitions in the keystream

The ChaCha20 stream cipher can produce a maximum of 2^32 blocks 256GB before the 32-bit counter overflows. Releases of the chacha20 crate prior to v0.2.3 allow generating keystreams larger than this, including seeking past the limit. When this occurs, the keystream is duplicated, with failure mod...

7.5CVSS1.7AI score0.01309EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/20 12:0 p.m.•23 views

Unsound `impl Follow for bool`

The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool. In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code...

9.8CVSS3.4AI score0.00575EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/10/14 12:0 p.m.•18 views

Flaw in Scalar::check_overflow allows side-channel timing attack

Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...

7.5CVSS6.6AI score0.01415EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/11 12:0 p.m.•21 views

generichash::Digest::eq always return true

PartialEq implementation for generichash::Digest has compared itself to itself. Digest::eq always returns true and Digest::ne always returns false...

9.8CVSS2.3AI score0.01484EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/08 12:0 p.m.•13 views

Test advisory with associated example crate

This is a test advisory useful for verifying RustSec tooling and vulnerability detection pipelines are working correctly. Aside from the fact that it is filed against an example crate, it is otherwise considered by the Advisory Database itself to be a normal security advisory. It's filed against...

1.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/06 12:0 p.m.•22 views

Incorrect implementation of the Streebog hash functions

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

1.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2019/10/03 12:0 p.m.•16 views

Flaw in CBOR deserializer allows stack overflow

Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small 1 kB CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags...

7.5CVSS4.6AI score0.0143EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/09/14 12:0 p.m.•20 views

Stream callback function is not unwind safe

Affected versions of this crate is not panic safe within callback functions streamcallback and streamfinishedcallback. The call to user-provided closure might panic before a mem::forget call, which then causes a use after free that grants attacker to control the callback function pointer. This...

9.8CVSS5.3AI score0.02506EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/09/14 12:0 p.m.•17 views

`Matrix::zip_elements` causes double free

Affected versions of this crate did not properly implements the Matrix::zipelements method, which causes an double free when the given trait implementation might panic. This allows an attacker to corrupt or take control of the memory. The flaw was corrected by Phosphorus15...

9.8CVSS4.2AI score0.01691EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/09/06 12:0 p.m.•20 views

fix unsound APIs that could lead to UB

Affected versions of this crate API could use uninitialized memory with some APIs in special cases, like use the API in none generator context. This could lead to UB. The flaw was corrected by This patch fixes all those issues above...

7.8CVSS2.6AI score0.01635EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/09/02 12:0 p.m.•29 views

Internally mutating methods take immutable ref self

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally. This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected...

9.8CVSS2.3AI score0.01796EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/09/01 12:0 p.m.•19 views

Use-after-free in buffer conversion implementation

The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior. A fix was published in version 0.1.3...

9.8CVSS3.6AI score0.01634EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/09/01 12:0 p.m.•23 views

Panic during initialization of Lazy<T> might trigger undefined behavior

If during the first dereference of Lazy the initialization function panics, subsequent dereferences will execute std::hints::unreachableunchecked. Applications with panic = "abort" are not affected, as there will be no subsequent dereferences...

7.5CVSS4.1AI score0.01583EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/08/27 12:0 p.m.•13 views

Wrong memory orderings in RwLock potentially violates mutual exclusion

Wrong memory orderings inside the RwLock implementation allow for two writers to acquire the lock at the same time. The drop implementation used Ordering::Relaxed, which allows the compiler or CPU to reorder a mutable access on the locked data after the lock has been yielded. Only users of the...

7.8CVSS1.4AI score0.01423EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/08/25 12:0 p.m.•20 views

HMAC-BLAKE2 algorithms compute incorrect results

When used in conjunction with the Hash-based Message Authentication Code HMAC, the BLAKE2b and BLAKE2s implementations in blake2 crate versions prior to v0.8.1 used an incorrect block size 32-bytes instead of 64-bytes for BLAKE2s, and 64-bytes instead of 128-bytes for BLAKE2b, causing them to...

9.8CVSS2.9AI score0.00933EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/08/24 12:0 p.m.•24 views

Cloned interners may read already dropped strings

Affected versions of this crate did not clone contained strings when an interner is cloned. Interners have raw pointers to the contained strings, and they keep pointing the strings which the old interner owns, after the interner is cloned. If a new cloned interner is alive and the old original...

7.5CVSS2.1AI score0.01547EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2019/08/21 12:0 p.m.•22 views

Flaw in interface may drop uninitialized instance of arbitrary types

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

9.8CVSS3.9AI score0.02478EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/07/19 12:0 p.m.•24 views

Memory corruption in SmallVec::grow()

Attempting to call grow on a spilled SmallVec with a value less than the current capacity causes corruption of memory allocator data structures. An attacker that controls the value passed to grow may exploit this flaw to obtain memory contents or gain remote code execution. Credits to @ehuss for...

9.8CVSS3.1AI score0.02144EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/07/16 12:0 p.m.•23 views

Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code

Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was correcte...

7.5CVSS3.6AI score0.01751EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/07/04 12:0 p.m.•19 views

MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code

Affected versions of libflate have set a field of an internal structure with a generic type to an uninitialized value in MultiDecoder::read and reverted it to the original value after the function completed. However, execution of MultiDecoder::read could be interrupted by a panic in caller-suppli...

9.8CVSS3.1AI score0.02458EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/24 12:0 p.m.•20 views

Flaw in string parsing can lead to crashes due to invalid memory access.

The affected version of this crate did not guard against accessing memory beyond the range of its input data. A pointer cast to read the data into a 256-bit register could lead to a segmentation fault when the end plus the 32 bytes 256 bit read would overlap into the next page during string...

7.5CVSS2.8AI score0.01398EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/20 12:0 p.m.•16 views

`boxfnonce` obsolete with release of Rust 1.35.0

This commit marks the boxfnonce crate as obsolete and the GitHub repo has since been archived. The functionality of boxfnonce has been added to Rust since 1.35.0. Use Box...

1.1AI score
Exploits0
RustSec
RustSec
•added 2019/06/15 12:0 p.m.•31 views

Format string vulnerabilities in `pancurses`

pancurses::mvprintw and pancurses::printw passes a pointer from a rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory...

7.5CVSS6.4AI score0.01148EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/15 12:0 p.m.•23 views

Buffer overflow and format vulnerabilities in functions exposed without unsafe

ncurses exposes functions from the ncurses library which: - Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. instr, mvwinstr, etc - Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a...

9.8CVSS4.7AI score0.01615EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/13 12:0 p.m.•20 views

Processing of maliciously crafted length fields causes memory allocation SIGABRTs

Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks. This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide. The flaw w...

7.5CVSS4AI score0.01382EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/11 12:0 p.m.•34 views

Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

Affected versions of this crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault...

7.5CVSS2.6AI score0.00958EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/08 12:0 p.m.•24 views

Out of Memory in stream::read_raw_bytes_into()

Affected versions of this crate called Vec::reserve on user-supplied input. This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data...

7.5CVSS5.6AI score0.03764EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/06/06 12:0 p.m.•20 views

Double-free and use-after-free in SmallVec::grow()

Attempting to call grow on a spilled SmallVec with a value equal to the current capacity causes it to free the existing data. This performs a double free immediately and may lead to use-after-free on subsequent accesses to the SmallVec contents. An attacker that controls the value passed to grow...

9.8CVSS2.3AI score0.01862EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/05/21 12:0 p.m.•17 views

Flaw in generativity allows out-of-bounds access

Affected versions of this crate did not properly implement the generativity, because the invariant lifetimes were not necessarily dropped. This allows an attacker to mix up two arenas, using indices created from one arena with another one. This might lead to an out-of-bounds read or write access...

9.8CVSS4.6AI score0.01855EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/05/15 12:0 p.m.•23 views

Failure to properly verify ed25519 signatures makes any signature valid

Affected versions of this crate did not properly verify ed25519 signatures. Any signature with a correct length was considered valid. This allows an attacker to impersonate any node identity...

7.5CVSS4.7AI score0.00765EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1141