Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
•added 2026/01/21 12:0 p.m.•11 views

Triton VM Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

5.7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/01/21 12:0 p.m.•12 views

`DynFuture` drop can construct a dangling reference

DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. And the crate is unmaintained...

5.8AI score
Exploits0
RustSec
RustSec
•added 2026/01/19 12:0 p.m.•8 views

Multiple soundness issues in `scaly` safe APIs

Affected versions contain multiple safe APIs that can trigger undefined behavior: - Array::index can perform an out-of-bounds read. - String::getlength can perform an out-of-bounds read. - String::appendcharacter can perform an invalid write. - String::tocstring can perform an out-of-bounds write...

5.9AI score
Exploits0
RustSec
RustSec
•added 2026/01/14 12:0 p.m.•9 views

Non-constant-time code generation on ARM32 targets

Summary While the cmov crate has a special backend for aarch64 which uses special CSEL instructions, on 32-bit ARM it uses a portable pure Rust fallback implementation. This implementation uses a combination of bitwise arithmetic and core::hint::blackbox to attempt to coerce constant-time code...

9.8CVSS6.6AI score0.00498EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2026/01/07 12:0 p.m.•14 views

`IterMut` violates Stacked Borrows by invalidating internal pointer

Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::nextback methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2026/01/05 12:0 p.m.•10 views

Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM

The SharedPointer::alloc implementation for sync::Arc and rc::Rc in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM Out of Memory. This null pointer can flow through to SharedPointer::fromvalue, which calls Box::fromrawptr with the null...

7.5AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/12/30 12:0 p.m.•7 views

theshit vulnerable to unsafe loading of user-owned Python rules when running as root

The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues...

6.7CVSS7.1AI score0.0012EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/12/29 12:0 p.m.•7 views

Non-utf8 String can be created with `TimeBuf::as_str`

The function gixdate::parse::TimeBuf::asstr can create an illegal string containing non-utf8 characters. This violates the safety invariant of TimeBuf and can lead to undefined behavior when consuming the string. The bug can be prevented by adding str::fromutf8 to the function TimeBuf::write...

7.1CVSS7.3AI score0.00193EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2025/12/24 12:0 p.m.•6 views

Unsound APIs of public `constant::Reader` and `StructSchema`

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::getrootunchecked, which can cause undefined behavior UB by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

6AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/12/22 12:0 p.m.•7 views

Unsoundness of safe `reciprocal_mg10`

The function reciprocalmg10 is marked as safe but can trigger undefined behavior out-of-bounds access because it relies on debugassert! for safety checks instead of assert!. When compiled in release mode, the debugassert! is optimized out, potentially allowing invalid inputs to cause memory...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/12/16 12:0 p.m.•30 views

Bincode is unmaintained

Due to a doxxing and harassment incident, the bincode team has taken the decision to cease development permanently. The team considers version 1.3.3 a complete version of bincode that is not in need of any updates. Alternatives to consider wincode postcard bitcode rkyv...

6.9AI score
Exploits0
RustSec
RustSec
•added 2025/12/12 12:0 p.m.•8 views

Timing side-channel in ML-DSA decomposition

Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. Details The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...

6.4CVSS6.1AI score0.00173EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/12/09 12:0 p.m.•11 views

`finch_cli_rust` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finchcli to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 18 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reportin...

5.5AI score
Exploits0
RustSec
RustSec
•added 2025/12/09 12:0 p.m.•7 views

`finch-rst` was removed from crates.io for malicious code

This attempts to typosquat the existing crate finch to steal credentials from local files. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 21 times. There were no crates depending on this crate on crates.io. Thanks to Matthias Zepper of NGI Sweden for reporting...

5.5AI score
Exploits0
RustSec
RustSec
•added 2025/12/09 12:0 p.m.•12 views

`sha-rst` was removed from crates.io for malicious code

This crate was used as a dependency by finchclirust and finch-rst and contained a malware payload to exfiltrate credentials. The malicious crate had 1 version published on 2025-12-08 and had been downloaded 22 times. Other than the other crates above that were part of the attack, no other crates...

5.5AI score
Exploits0
RustSec
RustSec
•added 2025/12/08 12:0 p.m.•6 views

matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom m.room.joinrules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

7.5CVSS6.8AI score0.00358EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/12/05 12:0 p.m.•7 views

`sha-rust` was removed from crates.io for malicious code

It appeared to be attempting to steal credentials from local files...

5.3AI score
Exploits0
RustSec
RustSec
•added 2025/12/05 12:0 p.m.•8 views

`finch-rust` was removed from crates.io for malicious code

It depended on the sha-rust crate, which appeared to be attempting to steal credentials from local files...

5.3AI score
Exploits0
RustSec
RustSec
•added 2025/12/04 12:0 p.m.•9 views

Incorrect calculation on aarch64

On platforms without the core::arch::aarch64::vxarqu64 intrinsic, an unverified fallback in libcrux-intrinsics v0.0.3 passed incorrect arguments and produced wrong results. This corrupted SHA-3 digests and caused libcrux-ml-kem and libcrux-ml-dsa to sample incorrectly, yielding incorrect shared...

7AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/12/03 12:0 p.m.•6 views

`evm-units` was removed from crates.io for malicious code

It appeared to be attempting to steal cryptocurrency...

5.3AI score
Exploits0
RustSec
RustSec
•added 2025/12/03 12:0 p.m.•7 views

`uniswap-utils` was removed from crates.io for malicious code

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency...

5.3AI score
Exploits0
RustSec
RustSec
•added 2025/11/28 12:0 p.m.•8 views

`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/11/28 12:0 p.m.•9 views

rustls-pemfile is unmaintained

The rustls-pemfile crate is no longer maintained. The repository has been archived since August 2025, and users are encouraged to depend directly on the underlying PEM parsing code included in rustls-pki-types since 1.9.0. The latest version of rustls-pemfile is in fact a thin wrapper around the...

7.2AI score
Exploits0
RustSec
RustSec
•added 2025/11/24 12:0 p.m.•8 views

Missing check in ZK proof in CGGMP21 Threshold Signing Protocol

Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...

9.3CVSS6.7AI score0.00163EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/11/24 12:0 p.m.•6 views

CGGMP21 presignatures can be used in the way that significantly reduces security

This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously you could generate a presignature, and then choose a HD derivation path while issuing a partial signature via Presignature::setderivationpath,...

8.2CVSS6.5AI score0.00181EPSS
Exploits0
RustSec
RustSec
•added 2025/11/24 12:0 p.m.•8 views

CGGMP21 presignatures can be used in the way that significantly reduces security

This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously you could generate a presignature, and then choose a HD derivation path while issuing a partial signature via Presignature::setderivationpath,...

8.2CVSS6.5AI score0.00181EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/11/24 12:0 p.m.•7 views

Missing check in ZK proof in CGGMP21 Threshold Signing Protocol

Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...

9.3CVSS6.7AI score0.00163EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/11/22 12:0 p.m.•7 views

Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

Affected versions of this crate contain resource leaks when querying thread counts on Windows and Apple platforms. Windows The threadamount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count...

8.7CVSS6.6AI score0.00309EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/11/17 12:0 p.m.•6 views

rand_os crate is unmaintained

The randos crate is deprecated and no longer actively maintained, as OsRng is now part of randcore. If you are using this crate, consider upgrading to randcore 0.5.1 or higher...

7AI score
Exploits0
RustSec
RustSec
•added 2025/11/17 12:0 p.m.•10 views

number_prefix crate is unmaintained

The numberprefix crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - unit-prefix...

6.9AI score
Exploits0
RustSec
RustSec
•added 2025/11/17 12:0 p.m.•17 views

cargo-asm crate is unmaintained

The cargo-asm crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cargo-show-asm...

6.9AI score
Exploits0
RustSec
RustSec
•added 2025/11/17 12:0 p.m.•9 views

gcc crate is unmaintained

The gcc crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cc...

6.9AI score
Exploits0
RustSec
RustSec
•added 2025/11/17 12:0 p.m.•6 views

hexchat crate is unsound and unmaintained

All versions of this crate have function deregistercommand which can result in use after free. This is unsound. In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads. In addition, the hexchat crate is no longer actively maintained. If you rely ...

5.4AI score
Exploits0
RustSec
RustSec
•added 2025/11/17 12:0 p.m.•8 views

opentelemetry-jaeger crate is unmaintained

The opentelemetry-jaeger crate is deprecated and no longer actively maintained. The Jaeger propagator implementation has been migrated to opentelemetry-jaeger-propagator. More information and examples of using OTLP with Jaeger can be found in Introducing native support for OpenTelemetry in Jaeger...

6.7AI score
Exploits0
RustSec
RustSec
•added 2025/11/16 12:0 p.m.•7 views

json5 crate is unmaintained

The json5 crate is no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - serdejson5 - jsonc-parser - json-five...

6.9AI score
Exploits0
RustSec
RustSec
•added 2025/11/11 12:0 p.m.•8 views

Unsound API access to a WebAssembly shared linear memory

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hc7m-r6v8-hg9q For more information see the GitHub-hosted security advisory...

1.8CVSS6.5AI score0.00107EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/11/10 12:0 p.m.•10 views

tandem is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

7AI score
Exploits0
RustSec
RustSec
•added 2025/11/10 12:0 p.m.•8 views

tandem_http_client is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

7AI score
Exploits0
RustSec
RustSec
•added 2025/11/10 12:0 p.m.•7 views

tandem_garble_interop is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

7AI score
Exploits0
RustSec
RustSec
•added 2025/11/10 12:0 p.m.•8 views

tandem_http_server is unmaintained

The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...

7AI score
Exploits0
RustSec
RustSec
•added 2025/11/07 12:0 p.m.•5 views

Underflow in aes_key_unwrap function

The aeskeyunwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...

5.3CVSS6.9AI score0.00302EPSS
Exploits0Affected Software1
RustSec
RustSec
•added 2025/11/04 12:0 p.m.•9 views

`replit_ruspty` was removed from crates.io for malicious code

The OpenSSF Package Analysis project identified 'replitruspty' @ 1.0.0 crates.io as malicious. Version 2.0.0 was also published with malware. It is considered malicious because: The package communicates with a domain associated with malicious activity. The package executes one or more commands...

5.8AI score
Exploits0
RustSec
RustSec
•added 2025/10/31 12:0 p.m.•6 views

Lack of sufficient checks in public API

The affected function is unsound due to insufficient checks on public struct field...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/10/23 12:0 p.m.•8 views

Multiple soundness issues in `stackvector`

Affected versions of stackvector contained multiple soundness issues that could allow safe Rust code to trigger undefined behavior. One issue was that StackVec::length was exposed as a public field. Safe Rust code could set length to a value larger than the backing array capacity. Other safe...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/10/21 12:0 p.m.•9 views

Uninitialized memory exposure in string reading functions

Multiple string reading functions expose uninitialized memory by setting length to capacity when no null terminator is found. This allows reading uninitialized memory which may contain sensitive data from previous allocations. The ncurses-rs repository is archived and unmaintained...

6.9AI score
Exploits0
RustSec
RustSec
•added 2025/10/21 12:0 p.m.•8 views

Uninitialized memory exposure in any_as_u8_slice

The safe function anyasu8slice can create byte slices that reference uninitialized memory when used with types containing padding bytes. The function uses slice::fromrawparts to create a &u8 covering the entire size of a type, including padding bytes. According to Rust's documentation, fromrawpar...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/10/21 12:0 p.m.•7 views

astral-tokio-tar Vulnerable to PAX Header Desynchronization

Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrect...

8.1CVSS7.1AI score0.00688EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2025/10/21 12:0 p.m.•17 views

`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling

The archive reader incorrectly handles PAX extended headers, when the ustar header incorrectly specifies zero size size=000000000000, while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as tar entry header. This can be used by a tar file to present...

8.1CVSS6.8AI score0.00688EPSS
Exploits1Affected Software1
RustSec
RustSec
•added 2025/10/21 12:0 p.m.•7 views

Out-of-bounds memory access in binary_read_to_ref and binary_write_from_ref

Safe functions accept a single &T or &mut T but multiply by n to create slices extending beyond allocated memory when n 1. These functions use fromrawparts to create slices larger than the underlying allocation, violating memory safety. The binaryvecio repository is archived and unmaintained...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
•added 2025/10/21 12:0 p.m.•9 views

Uninitialized memory exposure in create_ring_buffer

The safe function createringbuffer allocates a buffer using Vec::withcapacity followed by setlen, creating a Box containing uninitialized memory. This leads to undefined behavior when functions like writeslices create typed slices e.g., &mut bool over the uninitialized memory, violating Rust's...

7AI score
Exploits0Affected Software1
Total number of security vulnerabilities1141