Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
added 2025/03/05 12:0 p.m.9 views

Versions of *ring* prior to 0.17 are unmaintained.

ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc. Additionally, the project's general policy is to only patch the latest release, which is 0.17.12 now. It will be difficult for anybody to backport future fixes to versions earlier than 0.17.10 due to license changes...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/03/04 12:0 p.m.17 views

`backoff` is unmaintained.

The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate...

7.1AI score
Exploits0
RustSec
RustSec
added 2025/03/04 12:0 p.m.6 views

`openpgp-card-sequoia` is unmaintained.

The openpgp-card-sequoia crate is no longer actively maintained. You can use the openpgp-card-rpgp crate for OpenPGP card client functionality instead...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/02/24 12:0 p.m.8 views

Openh264 Decoding Functions Heap Overflow Vulnerability

OpenH264 recently reported a heap overflow that was fixed in upstream 63db555 and integrated into our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: - if you rely on our source...

8.6CVSS7AI score0.00639EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/02/21 12:0 p.m.7 views

resolve is unmaintained

resolve crate's GitHub repository is archived with no commits for seven years. Latest crates.io release is also seven years old. Possible alternatives hickory-resolver...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/02/20 12:0 p.m.8 views

*ring* is unmaintained

The author has announced an indefinite hiatus in its development, noting that any reported security vulnerabilities may go unaddressed for prolonged periods of time. Update: security maintenance only After this advisory was published, the author graciously agreed to give access to the rustls team...

7.4AI score
Exploits0
RustSec
RustSec
added 2025/02/16 12:0 p.m.5 views

Denial of Service via malicious Web Push endpoint

Prior to version 0.10.3, the built-in clients of the web-push crate eagerly allocated memory based on the Content-Length header returned by the Web Push endpoint. Malicious Web Push endpoints could return a large Content-Length without ever having to send as much data, leading to denial of servic...

4CVSS7AI score0.00331EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/02/15 12:0 p.m.9 views

`sophosfirewall-python` was removed from crates.io for malicious code

sophosfirewall-python was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 6 versions published in February 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...

5.9AI score
Exploits0
RustSec
RustSec
added 2025/02/10 12:0 p.m.23 views

totally-safe introduces memory vulnerabilities in safe Rust

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

7.1AI score
Exploits0
RustSec
RustSec
added 2025/02/10 12:0 p.m.18 views

cve-rs introduces memory vulnerabilities in safe Rust

This crate is a joke and should never be used. cve-rs provides demonstrations of common memory vulnerabilities such as buffer overflows and segfaults implemented completely within safe Rust. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc:...

7.4AI score
Exploits0
RustSec
RustSec
added 2025/02/10 12:0 p.m.19 views

totally-safe-transmute allows transmuting any type to any other type in safe Rust

This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...

7AI score
Exploits0
RustSec
RustSec
added 2025/02/10 12:0 p.m.6 views

`rands` was removed from crates.io for malicious code

This crate attempted to typosquat the rand crate, and would link in a malware payload on macOS and Linux hosts when built. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available. The related...

5.8AI score
Exploits0
RustSec
RustSec
added 2025/02/07 12:0 p.m.11 views

Hickory DNS failure to verify self-signed RRSIG for DNSKEYs

Summary The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/02/02 12:0 p.m.7 views

ssl::select_next_proto use after free

In openssl versions before 0.10.70, ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This coul...

6.3CVSS7.4AI score0.0065EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/01/30 12:0 p.m.9 views

`jfrog_quotes` was removed from crates.io for malicious code

jfrogquotes was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in January 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...

5.9AI score
Exploits0
RustSec
RustSec
added 2025/01/30 12:0 p.m.8 views

`custom-req-on-workers` was removed from crates.io for malicious code

custom-req-on-workers was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in January 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...

5.9AI score
Exploits0
RustSec
RustSec
added 2025/01/18 12:0 p.m.7 views

gix-worktree-state nonexclusive checkout sets executable files world-writable

Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...

5CVSS7.2AI score0.00361EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/01/15 12:0 p.m.6 views

`root` appended to group listings

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: - The supplementary groups of a user - The group access list of the current process If the caller uses this information for access control, this may lead to privilege escalation...

7.1CVSS6.8AI score0.00166EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2025/01/14 12:0 p.m.8 views

libsecp256k1 is unmaintained

The maintainers recommend using k256 instead...

5.8AI score
Exploits0
RustSec
RustSec
added 2025/01/13 12:0 p.m.5 views

registry is unmaintained

The author has archived the GitHub repository and mentions deprecation in project's README. Possible alternatives windows-registry...

7.2AI score
Exploits0
RustSec
RustSec
added 2025/01/13 12:0 p.m.5 views

Segmentation fault due to lack of bound check

In this case, the "fastfloat2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...

7.4AI score
Exploits0Affected Software1
RustSec
RustSec
added 2025/01/13 12:0 p.m.9 views

Segmentation fault due to lack of bound check

In this case, the "fastfloat::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...

7.5AI score
Exploits0
RustSec
RustSec
added 2025/01/13 12:0 p.m.5 views

Out of bounds write triggered by crafted coverage data

Function grcov::covdir::getcoverage uses the unsafe function getuncheckedmut without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data...

7.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/28 12:0 p.m.8 views

Use of insecure cryptographic algorithms

This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force a...

7AI score
Exploits0
RustSec
RustSec
added 2024/12/23 12:0 p.m.4 views

Unsound usages of `core::slice::from_raw_parts`

We consider asslice and asslicemut unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated fromparts. We consider that fromparts should be removed in latest version because it will help trigger...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/19 12:0 p.m.5 views

Unsound usages of `Vec::from_raw_parts`

The library provides a public safe API transmutevecasbytes, which incorrectly assumes that any generic type T could have stable layout, causing to uninitialized memory exposure if the users pass any types with padding bytes as T and cast it to u8 pointer. In the issue, we develop a PoC to show...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/19 12:0 p.m.4 views

Unsound usages of `core::slice::from_raw_parts_mut`

The library breaks the safety assumptions when using unsafe API slice::fromrawpartsmut. The pointer passed to fromrawpartsmut is misaligned by casting u8 to u16 raw pointer directly, which is unsound. The bug is patched by using alignoffset, which could make sure the memory address is aligned to ...

7.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/19 12:0 p.m.4 views

Unsound usages of `u8` type casting

The library provides a safe public API unpack to cast u8 array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting u8 pointer to a type aligned to...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/18 12:0 p.m.7 views

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or an attacker-controlled plugin name via the -j flag. On UNIX systems, a directory...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/18 12:0 p.m.6 views

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided through an attacker-controlled input to the following age APIs when the plugin feature flag is enabled: - age::plugin::Identity::fromstr or equivalently str::parse:: ...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/12 12:0 p.m.16 views

Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data...

5.9CVSS7.4AI score0.0038EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/09 12:0 p.m.5 views

`idna` accepts Punycode labels that do not produce any non-ASCII when decoded

idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...

8.8CVSS7.2AI score0.00201EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2024/12/09 12:0 p.m.7 views

gtk-layer-shell GTK3 bindings - no longer maintained

The gtk-layer-shell GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-layer-shell instead...

7.1AI score
Exploits0
RustSec
RustSec
added 2024/12/09 12:0 p.m.6 views

gtk-layer-shell-sys GTK3 bindings - no longer maintained

The gtk-layer-shell-sys GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-layer-shell instead...

7.1AI score
Exploits0
RustSec
RustSec
added 2024/12/05 12:0 p.m.3 views

Panics on Malformed Untrusted Input

During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data. Impact When processing malformed input, rpgp can run into Rust panics which halt the program. This can happen in the following...

7.5CVSS7AI score0.00448EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/05 12:0 p.m.5 views

Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...

7.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/04 12:0 p.m.7 views

Build corruption when using `PYO3_CONFIG_FILE` environment variable

In PyO3 0.23.0 the PYO3CONFIGFILE environment variable used to configure builds regressed such that changing the environment variable would no longer trigger PyO3 to reconfigure and recompile. In combination with workflows using tools such as maturin to build for multiple versions in a single...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/12/04 12:0 p.m.5 views

Unsound usages of `std::slice::from_raw_parts`

The library breaks the safety assumptions when using unsafe API std::slice::fromrawparts. First, when using the API in iterator implementation TempFdArrayIterator.next, generic type could be any type, which would create and pass a misaligned pointer to the unsafe API. Second, when validating the...

7.5AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/11/28 12:0 p.m.6 views

`ruzstd` uninit and out-of-bounds memory reads

Affected versions of ruzstd miscalculate the length of the allocated and init section of its internal RingBuffer, leading to uninitialized or out-of-bounds reads in copybytesovershooting of up to 15 bytes. This may result in up to 15 bytes of memory contents being written into the decoded data wh...

7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/11/22 12:0 p.m.14 views

rustls network-reachable panic in `Acceptor::accept`

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...

7.5CVSS7AI score0.00707EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2024/11/16 12:0 p.m.6 views

Bias of Polynomial Coefficients in Secret Sharing

Affected versions of this crate allowed for a bias when generating random polynomials for Shamir Secret Sharing, where instead of being within the range 0, 255 they were instead in the range 1, 255. A description from Cure53, who originally found the issue, is available: The correct method to...

7AI score
Exploits0
RustSec
RustSec
added 2024/11/14 12:0 p.m.5 views

Denial of service because of stack overflow with malicious decompression input

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash. Impact Due to the way LLVM handles the zlib-rs codebase, tail calls were not guaranteed. This caused certain input...

7.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/11/05 12:0 p.m.4 views

cap-primitives doesn't fully sandbox all the Windows device filenames

Impact cap-primitives's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", a...

2.3CVSS6.8AI score0.0056EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/11/02 12:0 p.m.3 views

Wasmtime doesn't fully sandbox all the Windows device filenames

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8. For more information see the GitHub-hosted security advisory...

10CVSS7AI score0.00812EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/10/31 12:0 p.m.5 views

Multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

7.2AI score
Exploits0
RustSec
RustSec
added 2024/10/24 12:0 p.m.9 views

Replaced by `pqcrypto-mldsa`

This crate has been replaced by pqcrypto-mldsa, which provides a FIPS204-compatible implementation of ML-DSA...

7.1AI score
Exploits0
RustSec
RustSec
added 2024/10/24 12:0 p.m.7 views

Replaced by `pqcrypto-mlkem`

This crate has been replaced by pqcrypto-mlkem, which provides a FIPS203-compatible implementation of ML-KEM...

7.1AI score
Exploits0
RustSec
RustSec
added 2024/10/12 12:0 p.m.5 views

Risk of use-after-free in `borrowed` reads from Python weak references

The family of functions to read "borrowed" values from Python weak references were fundamentally unsound, because the weak reference does itself not have ownership of the value. At any point the last strong reference could be cleared and the borrowed value would become dangling. In PyO3 0.22.4...

5.3CVSS6.9AI score0.00204EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2024/10/11 12:0 p.m.4 views

Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicty checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

7.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2024/10/07 12:0 p.m.19 views

paste - no longer maintained

The creator of the crate paste has stated in the README.md that this project is not longer maintained as well as archived the repository Possible Alternatives - pastey: a fork of paste and is aimed to be a drop-in replacement with additional features for paste crate - withbuiltinmacros: crate...

5.9AI score
Exploits0
Total number of security vulnerabilities1141