rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

RUSTSEC-2025-0028: Indicate 'cve-rs' is a joke

Browse Source
This commit is contained in:
Speykious
2025-05-06 22:55:11 +02:00
committed by Dirkjan Ochtman
parent 91f650dad5
commit 6c750492d5
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crates/cve-rs/RUSTSEC-2025-0028.md
View File

@@ -15,6 +15,8 @@ unaffected = []
# cve-rs introduces memory vulnerabilities in safe Rust
`cve-rs` allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner.
This crate is a joke and should never be used.
`cve-rs` provides demonstrations of common memory vulnerabilities (such as buffer overflows and segfaults) implemented completely within safe Rust.
Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860