rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
6c750492d5c1db772d5b628e960d6ec65eb58f13
advisory-db/crates/cve-rs/RUSTSEC-2025-0028.md
Speykious 6c750492d5 RUSTSEC-2025-0028: Indicate 'cve-rs' is a joke
2025-05-06 23:08:48 +02:00

660 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2025-0028"
package = "cve-rs"
date = "2025-02-10"
url = "https://github.com/Speykious/cve-rs"
categories = ["memory-corruption"]
informational = "unsound"
keywords = ["soundness-hole"]

[versions]
patched = []
unaffected = []

cve-rs introduces memory vulnerabilities in safe Rust

This crate is a joke and should never be used.

cve-rs provides demonstrations of common memory vulnerabilities (such as buffer overflows and segfaults) implemented completely within safe Rust.

Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860