Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
added 2025/08/29 12:0 p.m.8 views

Logging user input may result in poisoning logs with ANSI escape sequences

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to: - Manipulate terminal title bars - Clear screens or modif...

2.3CVSS7.6AI score0.00303EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/26 12:0 p.m.10 views

`statsrelay-protobuf` was removed from crates.io for malicious code

statsrelay-protobuf was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in August 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...

5.9AI score
Exploits0
RustSec
RustSec
added 2025/08/24 12:0 p.m.5 views

async-std has been discontinued

The async-std has been discontinued. Alternatives: - smol...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/08/14 12:0 p.m.6 views

Multiple memory corruption vulnerabilities in safe APIs

The crate has the following vulnerabilities: - The public trait arenavec::common::AllocHandle allows the return of raw pointers through its methods allocate and allocateorextend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/14 12:0 p.m.5 views

User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...

7.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/14 12:0 p.m.6 views

IdMap::from_iter may lead to uninitialized memory being freed on drop

Due to a flaw in the constructor idmap::IdMap::fromiter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/14 12:0 p.m.11 views

ArrayQueue::push_front is not panic-safe

The safe API arrayqueue::ArrayQueue::pushfront can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, pushfront receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/12 12:0 p.m.6 views

Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check

Impact The getdisjointmut method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. Patches This has been fixed in slab v0.4.11. Workarounds Avoi...

5.1CVSS7AI score0.00167EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/08/05 12:0 p.m.8 views

`xcb::Connection::connect_to_fd*` functions violate I/O safety

The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd such as a UnixStream as the file...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/07/29 12:0 p.m.7 views

tsify-next is unmaintained, use tsify instead

The tsify-next crate is not maintained any more; use tsify instead...

7.1AI score
Exploits0
RustSec
RustSec
added 2025/07/18 12:0 p.m.7 views

Possible host crash with host-to-wasm component intrinsics

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc For more information see the GitHub-hosted security advisory...

3.1CVSS6.7AI score0.00405EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/07/18 12:0 p.m.7 views

Host panic with `fd_renumber` WASIp1 function

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc. For more information see the GitHub-hosted security advisory...

3.5CVSS7AI score0.00299EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/07/17 12:0 p.m.10 views

ConstStaticCell could have been used to pass non-Send values to another thread

ConstStaticCell could have been used to pass non-Send values to another thread, because T was not required to be Send while ConstStaticCell is Send. This was corrected by introducing a T: Send bound...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/07/11 12:0 p.m.6 views

Uninitialized read after allocating MemBump

The affected function, MemBump::new, would allocate memory without initializing it. Subsequently calling the created value's various alloc methods would then read and write the start of that memory as a Cell which is undefined behavior. Instead, it should zero initialize the start of the allocate...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/07/11 12:0 p.m.8 views

matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations`

The SqliteEventCacheStore::findeventwithrelations function constructs SQL queries using format! with unescaped input, allowing an attacker to inject arbitrary SQL. This results in a SQL injection vulnerability...

7.7CVSS8AI score0.00254EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/07/04 12:0 p.m.9 views

i_tree allowed out-of-bounds access through safe public node accessors

Affected versions of itree exposed safe public Tree::node and Tree::mutnode methods in the public tree module. These methods accepted an arbitrary u32 index and passed it directly to Vec::getunchecked / getuncheckedmut on the internal node buffer, without validating that the index was in bounds...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/06/16 12:0 p.m.11 views

Four unique double-free vulnerabilities triggered via safe APIs

The crate slice-ring-buffer was developed as a fork of slice-deque to continue maintenance and provide security patches, since the latter has been officially unmaintained RUSTSEC-2020-0158. While slice-ring-buffer has addressed some previously reported memory safety issues inherited from its fork...

7.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/06/11 12:0 p.m.10 views

matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator

matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...

4.9CVSS7.2AI score0.00311EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/06/03 12:0 p.m.9 views

--allow-read / --allow-write permission bypass in `node:sqlite`

It is possible to bypass Deno's read/write permission checks by using ATTACH DATABASE statement. PoC // poc.js import DatabaseSync from "node:sqlite" const db = new DatabaseSync":memory:"; db.exec"ATTACH DATABASE 'test.db' as test;"; db.exec"CREATE TABLE test.test id INTEGER PRIMARY KEY, name...

9.1CVSS7AI score0.0041EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2025/05/22 12:0 p.m.6 views

Pingora Request Smuggling and Cache Poisoning

Pingora versions prior to 0.5.0 which used the caching functionality in pingora-proxy did not properly drain the downstream request body on cache hits. This allows an attacker to craft malicious HTTP/1.1 requests which could lead to request smuggling or cache poisoning. This flaw was corrected in...

7.4CVSS6.9AI score0.00423EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/05/22 12:0 p.m.9 views

Heap Buffer Overflow in the DrainCol Destructor

An off-by-one error in the DrainCol::drop destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector. The error was related to the size of the data being copied in one of the ptr::copy invocations inside the destructor. When removing the first column from...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/05/17 12:0 p.m.11 views

surf is unmaintained

The developer has indicated that the crate is unmaintained. The last release is over three years old from 2021, the crate depends on the deprecated async-std crate and on a very old version of rustls for TLS support. Possible alternatives - reqwest - ureq...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/05/06 12:0 p.m.8 views

Lack of sufficient checks in public API

The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - AnonVec::getref - AnonVec::getmut - AnonVec::removeget The crate was built as a learning project and is not being maintained...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/05/06 12:0 p.m.8 views

soundness issue and unmaintained

FastMap::get lacks sufficient checks to its parameter index and is used to unsafely get a Vec element. fastidmap is unmaintained...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/05/06 12:0 p.m.6 views

soundness issue and unmaintained

wrenrust::macros::defaultrealloc lacks sufficient checks to it pointer parameter which passed into free and realloc wrenrust is unmaintained...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/05/06 12:0 p.m.6 views

soundness issue and unmaintained

shaman::cryptoutil::writeu64vle and other functions mentioned above cannot garantee memory safety of getunchecked later if both length are zero. shaman is unmaintained...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/05/04 12:0 p.m.12 views

Unsound issue in Trailer

Our static analyzer find a potential unsound issue in the construction of Trailer, where it doesn't provide enough check to ensure the soundness. trailer/src/lib.rs, Lines 18 to 25 in d474984: pub fn newcapacity: usize - Trailer unsafe let trailer = Trailer::allocatecapacity; let ptr = trailer.pt...

9.8CVSS5.5AI score0.00464EPSS
Exploits1
RustSec
RustSec
added 2025/04/28 12:0 p.m.8 views

rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/04/28 12:0 p.m.12 views

Panic in mp3-metadata due to the lack of bounds checking

The getid3 methods used by mp3metadata::readfromslice does not perform adequate bounds checking when recreating the tag due to the use of desynchronization. Fixed in Fix index error, released as part of 0.4.0...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/25 12:0 p.m.7 views

Possible unsound public API

The public accessible struct SyncVec has a public safe method getunchecked. It accept a parameter index and used in the getunchecked without sufficient checks as mentioned here...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/24 12:0 p.m.6 views

`DTriangle` accessors may read out of bounds in affected versions

In affected versions, DTriangle::neighborbyorder and DTriangle::vertexbyorder were public safe functions that accepted an arbitrary order value. These functions used order to access fixed-size internal arrays with getunchecked, without checking whether order was within bounds. Calling these metho...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/24 12:0 p.m.12 views

Out of bounds access in public safe API

Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...

7.1AI score
Exploits0
RustSec
RustSec
added 2025/04/24 12:0 p.m.10 views

Unsound public API in unmaintained crate

The following functions in the tantonengine crate are unsound due to lack of sufficient boundary checks in public API: - Stack::offset - ThreadStack::get - RootMoveList::insertscoredepth - RootMoveList::insertscore The tantonengine crate is no longer maintained, so there are no plans to fix this...

7AI score
Exploits0
RustSec
RustSec
added 2025/04/23 12:0 p.m.8 views

Multiple soundness issues in `macroquad`

Several soundness issues have been reported. Resolving them doesn't seem to be considered a priority. In particular, unprincipled use of mutable statics is pervasive throughout the library, making it possible to cause use-after-free in safe code. Currently, no fixed version is available...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/04/23 12:0 p.m.12 views

`VMABuffer::set_data` may allow out-of-bounds writes from safe code

VMABuffer::setdata was a publicly accessible safe function. It accepted an arbitrary offset and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation. Affected versions did not check that the requested write range fit within the allocati...

6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/08 12:0 p.m.6 views

crossbeam-channel: double free on Drop

The internal Channel type's Drop method has a race which could, in some circumstances, lead to a double-free. This could result in memory corruption. Quoting from the upstream description in merge request \1187: The problem lies in the fact that dicardallmessages contained two paths that could le...

6.5CVSS6.9AI score0.00484EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/07 12:0 p.m.11 views

Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

6.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/04 12:0 p.m.8 views

Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/03 12:0 p.m.7 views

SHA-1 collision attacks are not detected

Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...

6.8CVSS7AI score0.00239EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/04/01 12:0 p.m.12 views

Risk of buffer overflow in `PyString::from_object`

PyString::fromobject took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read by raising a Python exception...

6.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/27 12:0 p.m.13 views

Public API without sufficient bounds checking

Match::get and Match::ptr lack sufficient bounds checks, leading to potential out of bounds reads...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/27 12:0 p.m.7 views

`array-init-cursor` in version 0.2.0 and below is unsound when used with types that implement `Drop`

The Drop implementation will get run twice when using the cursor. This issue does not affect you, if you are using only using the crate with types that are Copy such as u8. This issue also does not affect you, if you are only depending on it through the crate planus...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/27 12:0 p.m.7 views

Safe API can cause heap-buffer-overflow

ffi::nstr should be marked unsafe, since a pointer to a buffer without a trailing 0 value will cause a heap buffer overflow...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/26 12:0 p.m.34 views

Potential out-of-bounds read with a malformed ELF file and the HashTable API.

Affected versions of this crate only validated the index argument of HashTable::getbucket and HashTable::getchain against the input-controlled bucketcount and chaincount fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/23 12:0 p.m.7 views

The `trust-dns` project has been rebranded to `hickory-dns`

The trust-dns-proto crate is now available as hickory-proto...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/13 12:0 p.m.6 views

Use after free in `Parc` and `Prc` due to missing lifetime constraints

Affected versions of this crate didn't provide sufficient lifetime constraints to conversion functions from alloc::sync::Arc and alloc::rc::Rc, which made it possible to create projections of these reference counted pointers. Unlike the original reference counted pointers, these projections could...

6.7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/12 12:0 p.m.7 views

World Writable Directory in /var/log/below Allows Local Privilege Escalation

Below is a tool for recording and displaying system data like hardware utilization and cgroup information on Linux. Symlink Attack in /var/log/below/errorroot.log Below's systemd service runs with full root privileges. It attempts to create a world-writable directory in /var/log/below. Even if th...

6.8CVSS7.3AI score0.0036EPSS
Exploits22Affected Software1
RustSec
RustSec
added 2025/03/10 12:0 p.m.15 views

`tree-sitter-pkl` was removed from crates.io for malicious code

tree-sitter-pkl was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in March 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...

5.9AI score
Exploits0
RustSec
RustSec
added 2025/03/08 12:0 p.m.14 views

humantime is unmaintained

Latest humantime crates.io release is four years old and GitHub repository has not seen commits in four years. Question about maintenance status has not gotten any reaction from maintainer: https://github.com/tailhook/humantime/issues/31 Update: maintained again The maintainer has responded and...

7.1AI score
Exploits0
RustSec
RustSec
added 2025/03/06 12:0 p.m.11 views

Some AES functions may panic when overflow checking is enabled.

ring::aead::quic::HeaderProtectionKey::newmask may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 232 packets sent and/or received. On 64-bit targe...

5.3CVSS7.2AI score0.00858EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1141