Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2019/05/07 12:0 p.m.•20 views

Bug in SliceDeque::move_head_unchecked corrupts its memory

Affected versions of this crate entered a corrupted state if mem::sizeof:: % allocationgranularity != 0 and a specific allocation pattern was used: sufficiently shifting the deque elements over the mirrored page boundary. This allows an attacker that controls controls both element insertion and...

9.8CVSS2.4AI score0.01611EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/04/27 12:0 p.m.•20 views

Uncontrolled recursion leads to abort in HTML serialization

Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...

7.5CVSS3.8AI score0.01411EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/04/19 12:0 p.m.•21 views

Unaligned memory access

Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. The flaw was corrected by Ralf Jung and Diggory Hardy...

9.8CVSS3.8AI score0.01545EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2019/04/06 12:0 p.m.•22 views

typemap is Unmaintained

The maintainer seems unreachable. The crate may or may not be usable as-is despite no maintenance and may not work in future versions of Rust. The last release seems to have been seven years ago. Possible Alternatives The below list has not been vetted in any way and may or may not contain...

2.5AI score
Exploits0
RustSec
RustSec
•added 2019/03/10 12:0 p.m.•17 views

Fix for UB in failure to catch panics crossing FFI boundaries

Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB. This flaw was corrected by this commit1 which was included in version 2.6.0. 1: https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494...

7.5CVSS3.7AI score0.01177EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/12/22 12:0 p.m.•20 views

Possible use-after-free with `proplist::Iterator`

Affected versions contained a possible use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the Proplist object for which it was created. This made it possible for users, without experiencing a compiler error/warnin...

6.5CVSS3.3AI score0.00988EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2018/12/20 12:0 p.m.•18 views

Flaw in streaming state reset() functions can create incorrect results.

Affected versions of this crate did not properly reset a streaming state. Resetting a streaming state, without finalising it first, creates incorrect results. The flaw was corrected by not first checking if the state had already been reset, when calling reset...

7.5CVSS3.3AI score0.01598EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/12/18 12:0 p.m.•17 views

Enum repr causing potential memory corruption

The attribute repr added to enums to be compatible with C-FFI caused memory corruption on MSVC toolchain. arrayfire crates = version 3.5.0 do not have this issue when used with Rust versions 1.27 or earlier. The issue only started to appear since Rust version 1.28. The issue seems to be interlink...

9.8CVSS5.6AI score0.01645EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/12/09 12:0 p.m.•18 views

MsQueue and SegQueue suffer from double-free

Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees. The flaw was corrected by wrapping elements inside queues in a ManuallyDrop. Thanks to @c0gent for reporting the issue...

9.8CVSS1.3AI score0.01744EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/12/05 12:0 p.m.•22 views

Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly...

9.8CVSS3.4AI score0.01611EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/11/27 12:0 p.m.•19 views

Vec-to-vec transmutations could lead to heap overflow/corruption

Affected versions of this crate switched the length and capacity arguments in the Vec::fromrawparts constructor, which could lead to memory corruption or data leakage. The flaw was corrected by using the constructor correctly...

9.8CVSS2.8AI score0.02032EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/11/19 12:0 p.m.•12 views

term is looking for a new maintainer

The author of the term crate does not have time to maintain it and is looking for a new maintainer. Some maintained alternatives you can potentially switch to instead, depending on your needs: - crossterm - termcolor - yansi...

2.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2018/10/09 12:0 p.m.•24 views

Stack overflow when parsing malicious DNS packet

There's a stack overflow leading to a crash when Trust-DNS's parses a malicious DNS packet. Affected versions of this crate did not properly handle parsing of DNS message compression RFC1035 section 4.1.4. The parser could be tricked into infinite loop when a compression offset pointed back to th...

7.5CVSS3.6AI score0.01411EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/09/25 12:0 p.m.•15 views

smallvec creates uninitialized value of any type

Affected versions of this crate called mem::uninitialized to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null and thus may not remain uninitialized. The flaw was corrected by avoiding the use of mem::uninitialized, using MaybeUninit...

7.5CVSS3.8AI score0.01389EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2018/09/17 12:0 p.m.•20 views

Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth. Note: clap 2.33 is not...

7.5CVSS3.9AI score0.01411EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/09/17 12:0 p.m.•13 views

Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...

4.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2018/08/25 12:0 p.m.•22 views

Malicious input could cause uninitialized memory to be exposed

Affected versions of Claxon made an invalid assumption about the decode buffer size being a multiple of a value read from the bitstream. This could cause parts of the decode buffer to not be overwritten. If the decode buffer was newly allocated and uninitialized, this uninitialized memory could b...

6.5CVSS2.7AI score0.01372EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/08/22 12:0 p.m.•19 views

Use of uninitialized memory in temporary

Uninit memory is used as a RNG seed in temporary The following function is used as a way to get entropy from the system, which does operations on and exposes uninit memory, which is UB. rust fn randomseed: &Path, : &str - u64; 2 use std::mem::uninitialized as rand; unsafe rand:: ^ 0x12345678,...

1.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2018/07/31 12:0 p.m.•15 views

chan is end-of-life; use crossbeam-channel instead

chan has reached its end-of-life and is now deprecated. The intended successor of this crate is crossbeam-channel. Its API is strikingly similar, but comes with a much better select! macro, better performance, a better test suite and an all-around better implementation...

1.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2018/07/19 12:0 p.m.•21 views

Possible double free during unwinding in SmallVec::insert_many

If an iterator passed to SmallVec::insertmany panicked in Iterator::next, destructors were run during unwinding while the vector was in an inconsistent state, possibly causing a double free a destructor running on two copies of the same value. This is fixed in smallvec 0.6.3 by ensuring that the...

9.8CVSS2.2AI score0.01798EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/06/30 12:0 p.m.•15 views

quickersort is deprecated and unmaintained

The author of the quickersort crate has deprecated it and does not recommend using it anymore. Everything in it has been incorporated into std::sortunstable in the standard library as of Rust 1.20. std::sortunstable: https://doc.rust-lang.org/stable/std/primitive.slice.htmlmethod.sortunstable...

4.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2018/06/29 12:0 p.m.•24 views

Links in archives can overwrite any existing file

When unpacking a tarball with the unpackin-family of functions it's intended that only files within the specified directory are able to be written. Tarballs with hard links or symlinks, however, can be used to overwrite any file on the filesystem. Tarballs can contain multiple entries for the sam...

7.5CVSS0.2AI score0.01676EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/06/21 12:0 p.m.•16 views

An integer underflow could lead to panic

A mistake in error handling in untrusted before 0.6.2 could lead to an integer underflow and panic if a user of the crate didn't properly check for errors returned by untrusted. Combination of these two programming errors one in untrusted and another by user of this crate could lead to a panic an...

7.5CVSS3AI score0.01411EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/06/15 12:0 p.m.•19 views

Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods

Affected versions contained a pair of use-after-free issues with the objects returned by the getformatinfo and getcontext methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference...

3.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2018/06/08 12:0 p.m.•19 views

Multiple memory safety issues

Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...

9.8CVSS2AI score0.01324EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/06/01 12:0 p.m.•29 views

Use after free in CMS Signing

Affected versions of the OpenSSL crate used structures after they'd been freed...

9.8CVSS2.6AI score0.01744EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2018/02/13 12:0 p.m.•16 views

`tempdir` crate has been deprecated; use `tempfile` instead

The tempdir crate has been deprecated and the functionality is merged into tempfile...

1.3AI score
Exploits0
RustSec
RustSec
•added 2017/11/21 12:0 p.m.•14 views

Unchecked vector pre-allocation

Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available. This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory...

5.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2017/07/02 12:0 p.m.•9 views

`serial` crate is unmaintained

The serial crate is no longer maintained. Last release was on 2017-07-02. Possible alternatives Consider using an alternative, for instance the blocking librarys: - serial2 - serialport or async alternatives: - mio-serial - tokio-serial...

7.2AI score
Exploits0
RustSec
RustSec
•added 2017/05/06 12:0 p.m.•26 views

Large cookie Max-Age values can cause a denial of service

Affected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server. This flaw w...

7.5CVSS4.1AI score0.01485EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2017/05/03 12:0 p.m.•19 views

Integer overflow leads to heap-based buffer overflow in encode_config_buf

Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encodeconfigbuf and encodeconfig functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this...

9.8CVSS3.7AI score0.01534EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2017/04/17 12:0 p.m.•20 views

lz4-compress is unmaintained

According to the developers this crate is no longer maintained. The suggested alternative is lz4-compression, a maintained fork of lz4-compress. See also lz-fear which is compatible with the reference LZ4 implementation in C, but not with lz4-compress...

3AI score
Exploits0
RustSec
RustSec
•added 2017/03/15 12:0 p.m.•21 views

Hostname verification skipped when custom root certs used

If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...

5.3CVSS1.2AI score0.00654EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2017/01/26 12:0 p.m.•25 views

scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

6.5CVSS3.4AI score0.01251EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2017/01/23 12:0 p.m.•24 views

headers containing newline characters can split messages

Serializing of headers to the socket did not filter the values for newline bytes \r or \n, which allowed for header values to split a request or response. People would not likely include newlines in the headers in their own applications, so the way for most people to exploit this is if an...

5.3CVSS3AI score0.01033EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2016/12/15 12:0 p.m.•17 views

`cassandra` crate is unmaintained; use `cassandra-cpp` instead

The cassandra crate has not seen a release since December 2016, and its author is unresponsive. The cassandra-cpp crate is a maintained fork: https://github.com/Metaswitch/cassandra-rs...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2016/11/05 12:0 p.m.•27 views

SSL/TLS MitM vulnerability due to insecure defaults

All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...

8.1CVSS2.6AI score0.00745EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2016/09/10 12:0 p.m.•19 views

libusb is unmaintained; use rusb instead

The libusb crate has not seen a release since September 2016, and its author is unresponsive. The rusb crate is a maintained fork: https://github.com/a1ien/rusb...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2016/09/06 12:0 p.m.•24 views

rust-crypto is unmaintained; switch to a modern alternative

The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate with hyphen should not be confused with similarly named new RustCrypto GitHub Org without hyphen. The GitHub Org is actively maintained. We recommend you switc...

1.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2016/08/01 12:0 p.m.•17 views

HTTP download and execution allows MitM RCE

The build script in the portaudio crate will attempt to download via HTTP the portaudio source and build it. A Mallory in the middle can intercept the download with their own archive and get RCE...

5.9CVSS1.3AI score0.01078EPSS
Exploits0
RustSec
RustSec
•added 2016/05/09 12:0 p.m.•21 views

HTTPS MitM vulnerability due to lack of hostname verification

When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by preventing any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...

5.8CVSS2.3AI score0.00738EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1141