1141 matches found
`Matrix{2,3,4}::swap_columns` can trigger undefined behavior for identical indices
The Matrix2::swapcolumns, Matrix3::swapcolumns, and Matrix4::swapcolumns implementations call ptr::swap&mut selfa, &mut selfb. When a == b, these safe APIs create two mutable references to the same matrix column and pass them to ptr::swap. This violates Rust's aliasing rules and can trigger...
`Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants
Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...
`chrono_anchor` was removed from crates.io due to malicious code
The chronoanchor crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-04 approximately 6 days before removal and had no evidence of actual downloads. There were no crates...
Denial of service in Quinn endpoints
Receiving QUIC transport parameters containing invalid values could lead to a panic. Unfortunately the maintainers did not properly assess usage of unwrap calls in the transport parameters parsing code, and we did not have sufficient fuzzing coverage to find this issue. We have since added a...
RustSec Advisory
Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...
HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
Pingora versions prior to 0.8.0 improperly allowed HTTP/1.0 request bodies to be close-delimited and incorrectly handled multiple Transfer-Encoding values. This allows an attacker to desync Pingora's request framing from backend servers and smuggle requests to the backend. This vulnerability...
Panic in Signature Hint Decoding During Verification
During ML-DSA verification the serialized hint values are decoded as specified in algorithm 22 HintBitUnpack of FIPS 204, subsection 7.1. The algorithm requires that the cumulative hint counters per row of the hint vector are strictly increasing and below a maximum value which depends on the choi...
HTTP Request Smuggling via Premature Upgrade
Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This vulnerabilit...
Incorrect Check of Signer Response Norm During Verification
The ML-DSA verification algorithm as specified in FIPS 204, subsection 6.3 requires verifiers to check that the infinity norm of the deserialized signer response $z$ does not exceed $\gamma1 - \beta$ line 13 of Algorithm 8. The same check is required to be performed during signature generation...
All-Zero Key Generation on Catastrophic RNG Failure
The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...
Incorrect Output of Incremental Portable SHAKE API
The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...
`dnp3times` was removed from crates.io due to malicious code
The dnp3times crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. It was loosely trying to typosquat the dnp3time crate, but otherwise was the same attack as the timecalibrator and timecalibrators malware yesterday. The malicious...
`time-sync` was removed from crates.io due to malicious code
The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...
Cache poisoning via insecure-by-default cache key
Pingora versions prior to 0.8.0 generated cache keys using only the URI path, excluding critical factors such as the host header. This allows an attacker to poison the cache and serve cross-origin responses to users. This vulnerability affects users of Pingora's alpha proxy caching feature who...
Panic in Standalone MAC Operations
An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...
`time_calibrators` was removed from crates.io due to malicious code
The timecalibrators crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-03 approximately 3 hours before removal and had no evidence of actual downloads. There were no crates...
`time_calibrator` was removed from crates.io due to malicious code
It was reported timecalibrator contained malicious code, that would try to upload .env files to a server. The malicious crate had only 1 version published at 2026-02-28 and no evidence of actual usage. The crate was removed from crates.io and the user account was locked. There were no crates...
PKCS7_verify Certificate Chain Validation Bypass in AWS-LC
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC...
Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
PKCS7_verify Signature Validation Bypass in AWS-LC
Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using...
Timing Side-Channel in AES-CCM Tag Verification in AWS-LC
Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...
`tracing_checks` was removed from crates.io for transitively including malicious code
This is part of an ongoing campaign to attempt to typosquat crates in an attempt to exfiltrate Polymarket credentials. The malicious crate had 1 version published on 2026-02-26 approximately 9 hours before removal and had no evidence of actual usage, both in terms of downloads and dependents. It...
`tracings` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in an attempt to exfiltrate Polymarket credentials. The malicious crate had 1 version published on 2026-02-26 approximately 9 hours before removal and had no evidence of actual usage. The only crate depending on this crate was the...
Double-free and use-after-free for Hive
Drop implementation for Hive did perform free, but so did Hive::close, which, at the end of the scope performed Drop, therefore triggering double-free. Additionally, function Hive::fromhandle was not marked as unsafe, making it, in combination with ashandle easy to clone and trigger double-free i...
Guest-controlled resource exhaustion in WASI implementations
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w For more information see the GitHub-hosted security advisory...
`tracing-check` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-24 approximately 4 hours before removal and had no evidence of actual downloads. There were no crates...
Panic adding excessive fields to a `wasi:http/types.fields` instance
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h For more information see the GitHub-hosted security advisory...
Panic when dropping a `[Typed]Func::call_async` future
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94 For more information see the GitHub-hosted security advisory...
`rpc-check` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 6 versions published from 2026-02-20 onwards and had no evidence of actual usage. There were no crates depending on this crate on...
`polymarkets-rs-clob-client` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-19 approximately 20 hours before removal and had no evidence of actual downloads. There were no crates...
`clob-sdk` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-20 approximately 4 hours before removal and had no evidence of actual downloads. There were no crates...
`rpc-check` was removed from crates.io for malicious code
It was attempting to steal credentials from the POLYMARKETPRIVATEKEY environment variable. The malicious crate had 3 versions published on 2026-02-15 and had been downloaded only 155 times. There were no crates depending on this crate on crates.io. Thanks to Sisong Li for finding and reporting th...
`polymarkets-client-sdk` was removed from crates.io for malicious code
It appeared to be typosquatting existing crate polymarket-client-sdk polymarkets vs polymarket and attempting to steal credentials from local files. The malicious crate had 1 version published on 2026-02-19 an hour before removal and hadn't been downloaded. There were no crates depending on this...
Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up
PyO3 0.28.1 added support for pyclassextends=PyList struct NativeSub and other native types when targeting Python 3.12 and up with the abi3 feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of NativeSub contained within...
`polymarket-client-sdks` was removed from crates.io for malicious code
It appeared to be typosquatting existing crate polymarket-client-sdk sdks vs sdk and attempting to steal credentials from local files. The malicious crate had 1 version published on 2026-02-09 and had been downloaded only 33 times. There were no crates depending on this crate on crates.io. Thanks...
Unsoundness in opt-in ARMv8 assembly backend for `keccak`
Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...
Incorrect Length Encoding on KDF Export
Passing values length 65535 to Context::export produces output that disagrees with the RFC 9180 label encoding. In particular the length value is cast to u16 truncating any value exceeding 65535. Impact Applications that use hpke-rs to export very large secrets would experience interoperability...
Panic When Opening or Sealing on Export-Only Context
Constructing an HPKE Context with the AEAD algorithm set to HpkeExport resulted in a panic when calling Context::seal, or Context::open. This was due to an underflowing integer subtraction when calculating the length of a vector allocation for the AEAD nonce, which would panic on its own in debug...
Panic in `libcrux-psq` on decryption of malformed AES-GCM ciphertext
The latest releases of the libcrux-psq crate contains the following bug-fix: 1319: Propagate AEADError instead of panicking The issue fixed in 1319 was first reported by Nadim Kobeissi...
`polymarket-clients-sdk` was removed from crates.io for malicious code
It appeared to be typosquatting existing crate polymarket-client-sdk clients vs client and attempting to steal credentials from local files. The malicious crate had 6 versions published on 2026-02-05 and had been downloaded only 59 times. There were no crates depending on this crate on crates.io...
Denial of Service via Stack Exhaustion
Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...
Nonce Reuse in HPKE Context
The sequence number that is used to compute the AEAD nonce when using a re-usable HPKE context is incremented after each seal or open operation. This sequence number was stored as a u32 and used regular addition on u32 for the increment, meaning in release mode it would silently wrap around to 0...
Unnecessary clamping of seed reduces seed entropy to 251 bits
The latest releases of the libcrux-ed25519 crate contains the following bug-fix: 1320: Remove duplicated clamping step during key generation The issue fixed in 1320 was first reported by Nadim Kobeissi...
Missing Check for All-Zero X25519 Shared Secret
Computing an X25519 shared secret with x25519dalek::StaticSecret::diffiehellman does not include the check that the key exchange was contributory, i.e. does not ensure on its own that the resulting shared secret is non-zero. Impact RFC 9180 mandates that implementations of HPKE must check for all...
Integer overflow in `BytesMut::reserve`
In the unique reclaim path of BytesMut::reserve, the condition rs if vcapacity = newcap + offset uses an unchecked addition. When newcap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacit...
Potential undefined behavior when dereferencing Buf struct
if we dereference the Buf struct right after calling new or default on Buf struct, it passes Null Pointer to the unsafe function slice::fromrawparts. Based on the safety section documentation of function, data must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passi...
X25519 secret validation did not check buffer length or clamping
The latest releases of the libcrux-ecdh crate contains the following bug-fix: 1301: Check length and clamping in X25519 secret validation. This is a breaking change since errors are now raised on unclamped X25519 secrets or inputs of the wrong length...
Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory...
Incorrect X25519 clamping check rejects all secrets on import
The latest releases of the libcrux-psq crate contains the following bug-fix: 1301: Fix broken clamping check for imported X25519 secret keys...
Potential use-after-free in `oneshot` when used asynchronously
There is a race condition that can lead to a use-after-free if a oneshot::Receiver is polled but then dropped instead of polled to completion. This could happen if the receiver future was cancelled while receiving, for example by being wrapped in a timeout future or similar. When the Receiver is...