An integer underflow could lead to panic
A mistake in error handling in untrusted before 0.6.2 could lead to an integer underflow and panic if a user of the crate didn't properly check for errors returned by untrusted. The combination of these two programming errors, one in untrusted and another by the user of this crate, could lead to a panic an...
Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods
Affected versions contained a pair of use-after-free issues with the objects returned by the `get_format_info` and `get_context` methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference...
Multiple memory safety issues
Affected versions contain multiple memory safety issues, such as:
- Unsoundly coercing immutable references to mutable references
- Unsoundly extending lifetimes of strings
- Adding the Send marker trait to objects that cannot be safely sent between threads
This may result in a variety of memory...
Use after free in CMS Signing
Affected versions of the OpenSSL crate used structures after they'd been freed...
`tempdir` crate has been deprecated; use `tempfile` instead
The tempdir crate has been deprecated and the functionality is merged into tempfile...
Unchecked vector pre-allocation
Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available. This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory...
`serial` crate is unmaintained
The serial crate is no longer maintained. Last release was on 2017-07-02. Possible alternatives: consider using an alternative, for instance the blocking libraries:
- serial2
- serialport
or async alternatives:
- mio-serial
- tokio-serial...
Large cookie Max-Age values can cause a denial of service
Affected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server. This flaw w...
Integer overflow leads to heap-based buffer overflow in encode_config_buf
Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encode_config_buf and encode_config functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this...
lz4-compress is unmaintained
According to the developers this crate is no longer maintained. The suggested alternative is lz4-compression, a maintained fork of lz4-compress. See also lz-fear which is compatible with the reference LZ4 implementation in C, but not with lz4-compress...
Hostname verification skipped when custom root certs used
If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...
scalarmult() vulnerable to degenerate public keys
The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...
headers containing newline characters can split messages
Serializing of headers to the socket did not filter the values for newline bytes \r or \n, which allowed for header values to split a request or response. People would not likely include newlines in the headers in their own applications, so the way for most people to exploit this is if an...
`cassandra` crate is unmaintained; use `cassandra-cpp` instead
The cassandra crate has not seen a release since December 2016, and its author is unresponsive. The cassandra-cpp crate is a maintained fork: https://github.com/Metaswitch/cassandra-rs...
SSL/TLS MitM vulnerability due to insecure defaults
All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...
libusb is unmaintained; use rusb instead
The libusb crate has not seen a release since September 2016, and its author is unresponsive. The rusb crate is a maintained fork: https://github.com/a1ien/rusb...
rust-crypto is unmaintained; switch to a modern alternative
The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate (with hyphen) should not be confused with the similarly named new RustCrypto GitHub Org (without hyphen). The GitHub Org is actively maintained. We recommend you switc...
HTTP download and execution allows MitM RCE
The build script in the portaudio crate will attempt to download via HTTP the portaudio source and build it. A Mallory in the middle can intercept the download with their own archive and get RCE...
HTTPS MitM vulnerability due to lack of hostname verification
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by presenting any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...