C/C++>> rust-security>> 返回
项目作者: xxg1413

项目描述 :
Rust语言安全相关分析
高级语言: Rust
项目地址: git://github.com/xxg1413/rust-security.git
创建时间: 2018-10-31T05:44:01Z
项目社区:https://github.com/xxg1413/rust-security
开源协议:Apache License 2.0
下载


Rust-Security

Rust Language Security

execrices: rust-ctf

CVE

Rust-lang

ID RUSTSEC-ID CVE-ID Description Writeup
RUSTSEC-2022-0001 CVE-2022-21658 std::fs::remove_dir_allstandard library function is vulneable a race condition enabling symlink following (CWE-363).
RUSTSEC-2021-0001 CVE-2020-26297 XSS in mdBook’s search page mdBook搜索界面的XSS
CVE-2019-1010299 Obtain Information None
CVE-2019-16760 Cargo download the wrong dependency None
CVE-2019-12083 IOverflow None
CVE-2018-1000810 Integer Overflow to Buffer Overflow None
CVE-2018-1000657 Buffer Overflow None
CVE-2018-1000622 Uncontrolled Search Path Element None
14 CVE-2017-20004 MutexGuard> must not be Sync None
13 RUSTSEC-2017-0007 lz4-compress is unmaintained None
12 RUSTSEC-2017-0006 Unchecked vector pre-allocation None
11 RUSTSEC-2017-0005 CVE-2017-18589 Large cookie Max-Age values can cause a denial of service None
10 RUSTSEC-2017-0004 CVE-2017-1000430 Integer overflow leads to heap-based buffer overflow in encode_config_buf None
9 RUSTSEC-2017-0003 CVE-2017-18588 Hostname verification skipped when custom root certs used None
8 RUSTSEC-2017-0002 CVE-2017-18587 headers containing newline characters can split messages None
7 RUSTSEC-2017-0001 CVE-2017-10001683 scalarmult() vulnerable to degenerate public keys None
6 RUSTSEC-2016-0006 cassandra crate is unmaintained; use cassandra-cpp instead None
5 RUSTSEC-2016-0005 rust-crypto is unmaintained; switch to a modern alternative None
4 RUSTSEC-2016-0004 libusb is unmaintained; use rusb instead None
3 RUSTSEC-2016-0003 CVE-2016-10933 HTTP download and execution allows MitM RCE None
2 RUSTSEC-2016-0002 CVE-2016-10932 HTTPS MitM vulnerability due to lack of hostname verification None
1 RUSTSEC-2016-0001 CVE-2016-10931 SSL/TLS MitM vulnerability due to insecure defaults None
0 CVE-2015-20001 Panic safety violation in BinaryHeap None

Fuzz

Fuzzer

Reference

  • @shnatsel/smoke-testing-rust-http-clients-b8f2ee5db4e6">Smoke-testing Rust HTTP clients
  • @shnatsel/how-ive-found-vulnerability-in-a-popular-rust-crate-and-you-can-too-3db081a67fb">How I’ve found vulnerability in a popular Rust crate
  • @shnatsel/auditing-popular-rust-crates-how-a-one-line-unsafe-has-nearly-ruined-everything-fab2d837ebb1">Auditing popular Rust crates: how a one-line unsafe has nearly ruined everything