Report unsoundness in cve-rs, totally-safe-transmute and totally-safe (#2221)

Nugine
2025-05-06 02:16:50 +08:00
committed by GitHub
parent 4584ad9a5e
commit bb435cce9a
3 changed files with 58 additions and 0 deletions

@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "cve-rs"
date = "2025-02-10"
url = "https://github.com/Speykious/cve-rs"
categories = ["memory-corruption"]
informational = "unsound"
keywords = ["soundness-hole"]
[versions]
patched = []
unaffected = []
```
# cve-rs introduces memory vulnerabilities in safe Rust
`cve-rs` allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner.
Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860
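Review bot: The summary sentence under the title says the vulnerabilities are introduced "in a memory safe manner", which contradicts `categories = ["memory-corruption"]` and `informational = "unsound"` in the same file and could lead someone triaging an audit finding to dismiss it. Suggest stating the effect directly, for example that the crate's safe APIs can cause buffer overflows and segfaults without any `unsafe` code, and writing the rustc issue link as `<https://github.com/rust-lang/rust/issues/25860>` to match the angle-bracket style used in the totally-safe-transmute advisory. The sentence "this crate does not use unsafe code, it instead exploits" is also a comma splice; a semicolon or a full stop would fix it.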

@@ -0,0 +1,20 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "totally-safe-transmute"
date = "2025-02-10"
url = "https://github.com/ben0x539/totally-safe-transmute"
categories = ["memory-corruption"]
informational = "unsound"
keywords = ["soundness-hole"]
[versions]
patched = []
unaffected = []
```
# totally-safe-transmute allows transmuting any type to any other type in safe Rust
This crate uses a known soundness issue (https://github.com/rust-lang/rust/issues/32670) that will never get fixed. In short, Linux provides a file called `/proc/self/mem` which can be used by a program to modify its own memory. This library modifies an enum variant number by accessing its own memory as a file to effectively transmute a variable.
See also <https://doc.rust-lang.org/std/os/unix/io/index.html#procselfmem-and-similar-os-features>
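Review bot: The description ties the technique to Linux's `/proc/self/mem`, but the metadata carries no platform restriction, so nothing tells a consumer of the advisory which targets are affected. If the unsound behaviour is Linux-only, add an `[affected]` table with `os = ["linux"]`; if it is not, say in the description what happens on other platforms. The first link is written bare inside parentheses while the "See also" link uses `<...>`; use one style for both.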

@@ -0,0 +1,18 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "totally-safe"
date = "2025-02-10"
url = "https://github.com/viktorlott/totally-safe"
categories = ["memory-corruption"]
informational = "unsound"
keywords = ["soundness-hole"]
[versions]
patched = []
unaffected = []
```
# totally-safe introduces memory vulnerabilities in safe Rust
`totally-safe` provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860
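Review bot: The description says only that the crate "provides unsound APIs" without naming any of them or saying what a caller can do with them, and the title matches the cve-rs one apart from the crate name. Suggest listing the affected functions (in the text or in an `[affected.functions]` table) or at least describing the class of memory error, as the cve-rs advisory does with "buffer overflows and segfaults", so a reader can tell whether their use of the crate reaches the unsound code. The rustc issue link would also read better as `<https://github.com/rust-lang/rust/issues/25860>`.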