Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2026/03/11 12:0 p.m.•3 views

`Matrix{2,3,4}::swap_columns` can trigger undefined behavior for identical indices

The Matrix2::swapcolumns, Matrix3::swapcolumns, and Matrix4::swapcolumns implementations call ptr::swap&mut selfa, &mut selfb. When a == b, these safe APIs create two mutable references to the same matrix column and pass them to ptr::swap. This violates Rust's aliasing rules and can trigger...

6.1AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/11 12:0 p.m.•13 views

`Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants

Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...

5.7AI score
Exploits0
RustSec
RustSec
•added 2026/03/10 12:0 p.m.•18 views

`chrono_anchor` was removed from crates.io due to malicious code

The chronoanchor crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-04 approximately 6 days before removal and had no evidence of actual downloads. There were no crates...

5.8AI score
Exploits0
RustSec
RustSec
•added 2026/03/09 12:0 p.m.•9 views

Denial of service in Quinn endpoints

Receiving QUIC transport parameters containing invalid values could lead to a panic. Unfortunately the maintainers did not properly assess usage of unwrap calls in the transport parameters parsing code, and we did not have sufficient fuzzing coverage to find this issue. We have since added a...

8.7CVSS5.8AI score0.005EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/08 12:0 p.m.•67 views

RustSec Advisory

Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...

9.4CVSS5.9AI score0.0021EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•12 views

HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing

Pingora versions prior to 0.8.0 improperly allowed HTTP/1.0 request bodies to be close-delimited and incorrectly handled multiple Transfer-Encoding values. This allows an attacker to desync Pingora's request framing from backend servers and smuggle requests to the backend. This vulnerability...

9.3CVSS5.9AI score0.00707EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•7 views

Panic in Signature Hint Decoding During Verification

During ML-DSA verification the serialized hint values are decoded as specified in algorithm 22 HintBitUnpack of FIPS 204, subsection 7.1. The algorithm requires that the cumulative hint counters per row of the hint vector are strictly increasing and below a maximum value which depends on the choi...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•11 views

HTTP Request Smuggling via Premature Upgrade

Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This vulnerabilit...

9.3CVSS6AI score0.00666EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•9 views

Incorrect Check of Signer Response Norm During Verification

The ML-DSA verification algorithm as specified in FIPS 204, subsection 6.3 requires verifiers to check that the infinity norm of the deserialized signer response $z$ does not exceed $\gamma1 - \beta$ line 13 of Algorithm 8. The same check is required to be performed during signature generation...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•5 views

All-Zero Key Generation on Catastrophic RNG Failure

The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•5 views

Incorrect Output of Incremental Portable SHAKE API

The incremental squeeze functions in the portable SHAKE XOF API, when attempting to squeeze more than RATE 168 for SHAKE128, 136 for SHAKE256 bytes, performed an additional permutation of the state before producing the first output block, thus discarding the first block of RATE bytes of valid XOF...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•9 views

`dnp3times` was removed from crates.io due to malicious code

The dnp3times crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. It was loosely trying to typosquat the dnp3time crate, but otherwise was the same attack as the timecalibrator and timecalibrators malware yesterday. The malicious...

5.9AI score
Exploits0
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•10 views

`time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...

6AI score
Exploits0
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•10 views

Cache poisoning via insecure-by-default cache key

Pingora versions prior to 0.8.0 generated cache keys using only the URI path, excluding critical factors such as the host header. This allows an attacker to poison the cache and serve cross-origin responses to users. This vulnerability affects users of Pingora's alpha proxy caching feature who...

8.4CVSS6AI score0.00394EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/04 12:0 p.m.•10 views

Panic in Standalone MAC Operations

An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/03 12:0 p.m.•8 views

`time_calibrators` was removed from crates.io due to malicious code

The timecalibrators crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-03 approximately 3 hours before removal and had no evidence of actual downloads. There were no crates...

5.9AI score
Exploits0
RustSec
RustSec
•added 2026/03/03 12:0 p.m.•6 views

`time_calibrator` was removed from crates.io due to malicious code

It was reported timecalibrator contained malicious code, that would try to upload .env files to a server. The malicious crate had only 1 version published at 2026-02-28 and no evidence of actual usage. The crate was removed from crates.io and the user account was locked. There were no crates...

6AI score
Exploits0
RustSec
RustSec
•added 2026/03/02 12:0 p.m.•3 views

PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC...

8.7CVSS5.8AI score0.00771EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/02 12:0 p.m.•5 views

Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS7.5AI score0.01079EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/02 12:0 p.m.•7 views

PKCS7_verify Signature Validation Bypass in AWS-LC

Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using...

8.7CVSS7.5AI score0.00779EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/03/02 12:0 p.m.•4 views

Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS7.6AI score0.01079EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/26 12:0 p.m.•11 views

`tracing_checks` was removed from crates.io for transitively including malicious code

This is part of an ongoing campaign to attempt to typosquat crates in an attempt to exfiltrate Polymarket credentials. The malicious crate had 1 version published on 2026-02-26 approximately 9 hours before removal and had no evidence of actual usage, both in terms of downloads and dependents. It...

5.5AI score
Exploits0
RustSec
RustSec
•added 2026/02/26 12:0 p.m.•7 views

`tracings` was removed from crates.io for malicious code

This is part of an ongoing campaign to attempt to typosquat crates in an attempt to exfiltrate Polymarket credentials. The malicious crate had 1 version published on 2026-02-26 approximately 9 hours before removal and had no evidence of actual usage. The only crate depending on this crate was the...

5.5AI score
Exploits0
RustSec
RustSec
•added 2026/02/26 12:0 p.m.•7 views

Double-free and use-after-free for Hive

Drop implementation for Hive did perform free, but so did Hive::close, which, at the end of the scope performed Drop, therefore triggering double-free. Additionally, function Hive::fromhandle was not marked as unsafe, making it, in combination with ashandle easy to clone and trigger double-free i...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/24 12:0 p.m.•11 views

Guest-controlled resource exhaustion in WASI implementations

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w For more information see the GitHub-hosted security advisory...

6.9CVSS5.3AI score0.00345EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/24 12:0 p.m.•11 views

`tracing-check` was removed from crates.io for malicious code

This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-24 approximately 4 hours before removal and had no evidence of actual downloads. There were no crates...

5.4AI score
Exploits0
RustSec
RustSec
•added 2026/02/24 12:0 p.m.•8 views

Panic adding excessive fields to a `wasi:http/types.fields` instance

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h For more information see the GitHub-hosted security advisory...

7.5CVSS5.3AI score0.00466EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/24 12:0 p.m.•8 views

Panic when dropping a `[Typed]Func::call_async` future

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94 For more information see the GitHub-hosted security advisory...

7.5CVSS5.3AI score0.00362EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/24 12:0 p.m.•10 views

`rpc-check` was removed from crates.io for malicious code

This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 6 versions published from 2026-02-20 onwards and had no evidence of actual usage. There were no crates depending on this crate on...

5.5AI score
Exploits0
RustSec
RustSec
•added 2026/02/20 12:0 p.m.•15 views

`polymarkets-rs-clob-client` was removed from crates.io for malicious code

This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-19 approximately 20 hours before removal and had no evidence of actual downloads. There were no crates...

5.5AI score
Exploits0
RustSec
RustSec
•added 2026/02/20 12:0 p.m.•11 views

`clob-sdk` was removed from crates.io for malicious code

This is part of an ongoing campaign to attempt to typosquat crates in the polymarket-client-sdk ecosystem to exfiltrate user credentials. The malicious crate had 1 version published on 2026-02-20 approximately 4 hours before removal and had no evidence of actual downloads. There were no crates...

5.5AI score
Exploits0
RustSec
RustSec
•added 2026/02/19 12:0 p.m.•10 views

`rpc-check` was removed from crates.io for malicious code

It was attempting to steal credentials from the POLYMARKETPRIVATEKEY environment variable. The malicious crate had 3 versions published on 2026-02-15 and had been downloaded only 155 times. There were no crates depending on this crate on crates.io. Thanks to Sisong Li for finding and reporting th...

5.5AI score
Exploits0
RustSec
RustSec
•added 2026/02/19 12:0 p.m.•11 views

`polymarkets-client-sdk` was removed from crates.io for malicious code

It appeared to be typosquatting existing crate polymarket-client-sdk polymarkets vs polymarket and attempting to steal credentials from local files. The malicious crate had 1 version published on 2026-02-19 an hour before removal and hadn't been downloaded. There were no crates depending on this...

5.4AI score
Exploits0
RustSec
RustSec
•added 2026/02/18 12:0 p.m.•7 views

Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up

PyO3 0.28.1 added support for pyclassextends=PyList struct NativeSub and other native types when targeting Python 3.12 and up with the abi3 feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of NativeSub contained within...

5.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/13 12:0 p.m.•8 views

`polymarket-client-sdks` was removed from crates.io for malicious code

It appeared to be typosquatting existing crate polymarket-client-sdk sdks vs sdk and attempting to steal credentials from local files. The malicious crate had 1 version published on 2026-02-09 and had been downloaded only 33 times. There were no crates depending on this crate on crates.io. Thanks...

5.4AI score
Exploits0
RustSec
RustSec
•added 2026/02/12 12:0 p.m.•13 views

Unsoundness in opt-in ARMv8 assembly backend for `keccak`

Summary The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed within the assembly block. Impact It's unclear what...

5.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/11 12:0 p.m.•7 views

Incorrect Length Encoding on KDF Export

Passing values length 65535 to Context::export produces output that disagrees with the RFC 9180 label encoding. In particular the length value is cast to u16 truncating any value exceeding 65535. Impact Applications that use hpke-rs to export very large secrets would experience interoperability...

5.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/11 12:0 p.m.•9 views

Panic When Opening or Sealing on Export-Only Context

Constructing an HPKE Context with the AEAD algorithm set to HpkeExport resulted in a panic when calling Context::seal, or Context::open. This was due to an underflowing integer subtraction when calculating the length of a vector allocation for the AEAD nonce, which would panic on its own in debug...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/08 12:0 p.m.•9 views

Panic in `libcrux-psq` on decryption of malformed AES-GCM ciphertext

The latest releases of the libcrux-psq crate contains the following bug-fix: 1319: Propagate AEADError instead of panicking The issue fixed in 1319 was first reported by Nadim Kobeissi...

5.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/06 12:0 p.m.•8 views

`polymarket-clients-sdk` was removed from crates.io for malicious code

It appeared to be typosquatting existing crate polymarket-client-sdk clients vs client and attempting to steal credentials from local files. The malicious crate had 6 versions published on 2026-02-05 and had been downloaded only 59 times. There were no crates depending on this crate on crates.io...

5.3AI score
Exploits0
RustSec
RustSec
•added 2026/02/05 12:0 p.m.•15 views

Denial of Service via Stack Exhaustion

Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...

6.8CVSS5.4AI score0.00291EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/05 12:0 p.m.•9 views

Nonce Reuse in HPKE Context

The sequence number that is used to compute the AEAD nonce when using a re-usable HPKE context is incremented after each seal or open operation. This sequence number was stored as a u32 and used regular addition on u32 for the increment, meaning in release mode it would silently wrap around to 0...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/05 12:0 p.m.•7 views

Unnecessary clamping of seed reduces seed entropy to 251 bits

The latest releases of the libcrux-ed25519 crate contains the following bug-fix: 1320: Remove duplicated clamping step during key generation The issue fixed in 1320 was first reported by Nadim Kobeissi...

5.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/04 12:0 p.m.•11 views

Missing Check for All-Zero X25519 Shared Secret

Computing an X25519 shared secret with x25519dalek::StaticSecret::diffiehellman does not include the check that the key exchange was contributory, i.e. does not ensure on its own that the resulting shared secret is non-zero. Impact RFC 9180 mandates that implementations of HPKE must check for all...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/02/03 12:0 p.m.•8 views

Integer overflow in `BytesMut::reserve`

In the unique reclaim path of BytesMut::reserve, the condition rs if vcapacity = newcap + offset uses an unchecked addition. When newcap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacit...

7.5CVSS5.4AI score0.00559EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2026/02/02 12:0 p.m.•9 views

Potential undefined behavior when dereferencing Buf struct

if we dereference the Buf struct right after calling new or default on Buf struct, it passes Null Pointer to the unsafe function slice::fromrawparts. Based on the safety section documentation of function, data must be non-null and aligned even for zero-length slices or slices of ZSTs. Thus, passi...

5.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/01/26 12:0 p.m.•6 views

X25519 secret validation did not check buffer length or clamping

The latest releases of the libcrux-ecdh crate contains the following bug-fix: 1301: Check length and clamping in X25519 secret validation. This is a breaking change since errors are now raised on unclamped X25519 secrets or inputs of the wrong length...

5.4AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/01/26 12:0 p.m.•8 views

Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory...

5.5CVSS5.9AI score0.00214EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2026/01/26 12:0 p.m.•7 views

Incorrect X25519 clamping check rejects all secrets on import

The latest releases of the libcrux-psq crate contains the following bug-fix: 1301: Fix broken clamping check for imported X25519 secret keys...

5.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/01/25 12:0 p.m.•9 views

Potential use-after-free in `oneshot` when used asynchronously

There is a race condition that can lead to a use-after-free if a oneshot::Receiver is polled but then dropped instead of polled to completion. This could happen if the receiver future was cancelled while receiving, for example by being wrapped in a timeout future or similar. When the Receiver is...

5.5AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141