Commit bb435cc

Report unsoundness in cve-rs, totally-safe-transmute and totally-safe (#2221)
1 parent 4584ad9 commit bb435cc

3 files changed

+58
-0
lines changed

crates/cve-rs/RUSTSEC-0000-0000.md

Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
```toml
2+
[advisory]
3+
id = "RUSTSEC-0000-0000"
4+
package = "cve-rs"
5+
date = "2025-02-10"
6+
url = "https://github.com/Speykious/cve-rs"
7+
categories = ["memory-corruption"]
8+
informational = "unsound"
9+
keywords = ["soundness-hole"]
10+
11+
[versions]
12+
patched = []
13+
unaffected = []
14+
```
15+
16+
# cve-rs introduces memory vulnerabilities in safe Rust
17+
18+
`cve-rs` allows you to introduce common memory vulnerabilities (such as buffer overflows and segfaults) into your Rust program in a memory safe manner.
19+
20+
Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860
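Review bot: On line 18 the description says the vulnerabilities are introduced "in a memory safe manner", which contradicts the title and the `memory-corruption` category and reads as the crate's own joke rather than an advisory statement. Suggest stating the impact directly: code that contains no `unsafe` can trigger buffer overflows and segfaults by calling this crate. If the unsoundness is intentional, say so, so that readers understand why `patched = []` is empty. On line 20, the comma splice ("does not use unsafe code, it instead exploits") could be split into two sentences, and the bare issue URL wrapped in `<...>` the way the totally-safe-transmute advisory does for its "See also" link.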
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
```toml
2+
[advisory]
3+
id = "RUSTSEC-0000-0000"
4+
package = "totally-safe-transmute"
5+
date = "2025-02-10"
6+
url = "https://github.com/ben0x539/totally-safe-transmute"
7+
categories = ["memory-corruption"]
8+
informational = "unsound"
9+
keywords = ["soundness-hole"]
10+
11+
[versions]
12+
patched = []
13+
unaffected = []
14+
```
15+
16+
# totally-safe-transmute allows transmuting any type to any other type in safe Rust
17+
18+
This crate uses a known soundness issue (https://github.com/rust-lang/rust/issues/32670) that will never get fixed. In short, Linux provides a file called `/proc/self/mem` which can be used by a program to modify its own memory. This library modifies an enum variant number by accessing its own memory as a file to effectively transmute a variable.
19+
20+
See also <https://doc.rust-lang.org/std/os/unix/io/index.html#procselfmem-and-similar-os-features>
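Review bot: Line 18 ties the behaviour to Linux's `/proc/self/mem`, but the metadata has no platform restriction, so the advisory will be reported for every target. If the crate has no effect on other operating systems, consider adding an `[affected]` section with `os = ["linux"]`. On the same line, "that will never get fixed" is stated without a reason; pointing to the std documentation linked on line 20 as the justification would make the claim checkable. The issue URL in parentheses could also use the `<...>` autolink form already used on line 20.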
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
```toml
2+
[advisory]
3+
id = "RUSTSEC-0000-0000"
4+
package = "totally-safe"
5+
date = "2025-02-10"
6+
url = "https://github.com/viktorlott/totally-safe"
7+
categories = ["memory-corruption"]
8+
informational = "unsound"
9+
keywords = ["soundness-hole"]
10+
11+
[versions]
12+
patched = []
13+
unaffected = []
14+
```
15+
16+
# totally-safe introduces memory vulnerabilities in safe Rust
17+
18+
`totally-safe` provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860
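Review bot: Line 18 says the crate "provides unsound APIs" without naming any of them or stating what a caller can trigger, so a user who receives this warning cannot tell whether their usage is affected. Suggest listing the unsound functions (in the text, or as `functions` under `[affected]`) and adding a sentence on impact, since the title promises "memory vulnerabilities" and the category is `memory-corruption`. Because this cites the same rustc issue as the cve-rs advisory, it would also help to state whether the crate itself is free of `unsafe`, as that advisory does.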
