{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/rust/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["mysten-metrics"],"_cs_severities":["critical"],"_cs_tags":["supply-chain","malware","rust"],"_cs_type":"advisory","_cs_vendors":["MystenLabs"],"content_html":"\u003cp\u003eOn April 20, 2026, a malicious crate named \u003ccode\u003emysten-metrics\u003c/code\u003e was published to crates.io. This crate contained a build script designed to exfiltrate data from the machine during the build process. The crate was identified and removed from crates.io. At the time of removal, only one version of the crate had been published, and there was no evidence of actual usage. The crate had no dependencies on crates.io, limiting the potential spread. This incident highlights the risks associated with supply chain attacks targeting software build processes and the importance of verifying the integrity of third-party dependencies.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker publishes the \u003ccode\u003emysten-metrics\u003c/code\u003e crate to crates.io.\u003c/li\u003e\n\u003cli\u003eA developer adds \u003ccode\u003emysten-metrics\u003c/code\u003e as a dependency to their project.\u003c/li\u003e\n\u003cli\u003eThe developer builds the project using \u003ccode\u003ecargo build\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAs part of the build process, the malicious build script within \u003ccode\u003emysten-metrics\u003c/code\u003e is executed.\u003c/li\u003e\n\u003cli\u003eThe build script collects sensitive data from the build environment (e.g., environment variables, file contents, system information).\u003c/li\u003e\n\u003cli\u003eThe build script attempts to exfiltrate the collected data to a remote attacker-controlled server. The exact exfiltration method is not specified, but could involve HTTP/S requests or DNS tunneling.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the exfiltrated data from the compromised build machine.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful execution of the malicious build script could lead to the exposure of sensitive information, including API keys, credentials, source code, and other confidential data present on the build machine. This data could be used to compromise the developer\u0026rsquo;s infrastructure, intellectual property, and customer data. Since there were no known usages, the impact was contained by its early removal.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement integrity checks for all third-party dependencies to identify and prevent the use of malicious packages.\u003c/li\u003e\n\u003cli\u003eMonitor network connections originating from build processes for suspicious outbound traffic, as this could indicate data exfiltration. Create network connection rules.\u003c/li\u003e\n\u003cli\u003eImplement file integrity monitoring on build machines to detect unauthorized modifications to files during the build process.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T21:43:56Z","date_published":"2026-05-04T21:43:56Z","id":"/briefs/2026-05-mysten-metrics-exfiltration/","summary":"The `mysten-metrics` crate was removed from crates.io after it was found to contain a malicious build script that attempted to exfiltrate data from the build machine during the build process.","title":"Malicious mysten-metrics Crate Exfiltrates Build Machine Data","url":"https://feed.craftedsignal.io/briefs/2026-05-mysten-metrics-exfiltration/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["sui-execution-cut"],"_cs_severities":["critical"],"_cs_tags":["supply-chain","malware","rust"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn April 20, 2026, a malicious crate named \u003ccode\u003esui-execution-cut\u003c/code\u003e was published to crates.io. This crate included a build script that, when executed, attempted to exfiltrate data from the machine on which the crate was being built. The crate had no dependencies and only one version was ever published. The malicious package was quickly removed from crates.io after discovery. While the crate was available for a short period, there is no evidence of actual usage, however, supply chain compromises can have a wide impact if successful, and even this low-usage crate warrants monitoring.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA developer adds the malicious \u003ccode\u003esui-execution-cut\u003c/code\u003e crate as a dependency to their Rust project.\u003c/li\u003e\n\u003cli\u003eDuring the build process, the \u003ccode\u003ecargo\u003c/code\u003e build system executes the build script embedded within the \u003ccode\u003esui-execution-cut\u003c/code\u003e crate.\u003c/li\u003e\n\u003cli\u003eThe build script executes a series of commands designed to gather sensitive information from the build environment.\u003c/li\u003e\n\u003cli\u003eThe script establishes an outbound network connection to a remote server controlled by the attacker.\u003c/li\u003e\n\u003cli\u003eThe gathered data is transmitted to the attacker\u0026rsquo;s server via HTTP POST or a similar method.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the exfiltrated data, which could include environment variables, file contents, or other sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the stolen data for valuable secrets, credentials, or intellectual property.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe \u003ccode\u003esui-execution-cut\u003c/code\u003e crate, if used, could have compromised developer machines by exfiltrating sensitive data during the build process. Although the crate was quickly removed and showed no signs of usage, a successful attack of this nature could lead to the exposure of secrets, credentials, and intellectual property. The lack of usage limits the impact, but the nature of supply chain attacks makes even low-usage crates a potential risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor for unexpected network connections originating from build processes, especially connections to unknown or suspicious domains. Use the \u0026ldquo;Detect Suspicious Outbound Connections from Build Processes\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement strict dependency review processes to identify and prevent the introduction of malicious packages into your software supply chain.\u003c/li\u003e\n\u003cli\u003eContinuously monitor crates.io and other package repositories for reports of malicious packages and promptly remove them from your dependencies if identified.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-04T21:42:55Z","date_published":"2026-05-04T21:42:55Z","id":"/briefs/2026-05-sui-execution-cut-exfiltration/","summary":"The `sui-execution-cut` crate on crates.io contained a build script designed to exfiltrate data from the build machine during the build process.","title":"Malicious sui-execution-cut Crate Exfiltrates Build Machine Data","url":"https://feed.craftedsignal.io/briefs/2026-05-sui-execution-cut-exfiltration/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["openssl"],"_cs_severities":["high"],"_cs_tags":["rust","openssl","memory leak","buffer overflow"],"_cs_type":"advisory","_cs_vendors":["Rust"],"content_html":"\u003cp\u003eThe \u003ccode\u003erust-openssl\u003c/code\u003e crate, a Rust wrapper for the OpenSSL library, is susceptible to a high-severity vulnerability due to unchecked callback lengths within the FFI trampolines used by several functions related to PSK (Pre-Shared Key) and cookie generation. Specifically, versions 0.9.24 up to (but not including) 0.10.78 are affected. The vulnerable functions include \u003ccode\u003eSslContextBuilder::set_psk_client_callback\u003c/code\u003e, \u003ccode\u003eset_psk_server_callback\u003c/code\u003e, \u003ccode\u003eset_cookie_generate_cb\u003c/code\u003e, and \u003ccode\u003eset_stateless_cookie_generate_cb\u003c/code\u003e. The issue arises because the user-provided closure\u0026rsquo;s returned \u003ccode\u003eusize\u003c/code\u003e (size) value is directly passed to OpenSSL without validation against the size of the \u003ccode\u003e\u0026amp;mut [u8]\u003c/code\u003e buffer provided to the closure, resulting in potential buffer overflows and memory leaks. This allows an attacker to potentially leak adjacent memory regions to a peer.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious application or exploits an existing application using the vulnerable \u003ccode\u003erust-openssl\u003c/code\u003e crate.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers one of the vulnerable callback functions (\u003ccode\u003eset_psk_client_callback\u003c/code\u003e, \u003ccode\u003eset_psk_server_callback\u003c/code\u003e, \u003ccode\u003eset_cookie_generate_cb\u003c/code\u003e, or \u003ccode\u003eset_stateless_cookie_generate_cb\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable callback function executes the user-provided closure.\u003c/li\u003e\n\u003cli\u003eThe user-provided closure returns a \u003ccode\u003eusize\u003c/code\u003e value indicating the intended length of the data to be written to the output buffer.\u003c/li\u003e\n\u003cli\u003eThe FFI trampoline forwards this \u003ccode\u003eusize\u003c/code\u003e value directly to OpenSSL, bypassing bounds checking against the actual buffer size.\u003c/li\u003e\n\u003cli\u003eIf the returned \u003ccode\u003eusize\u003c/code\u003e exceeds the allocated buffer size, OpenSSL writes beyond the buffer boundary, leading to a buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow allows the attacker to read adjacent memory regions or overwrite data, potentially leaking sensitive information or corrupting program state.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation could lead to information disclosure, denial of service, or potentially arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to information disclosure, denial of service, or potentially arbitrary code execution. Given the widespread use of the \u003ccode\u003erust-openssl\u003c/code\u003e crate in various applications, the impact could be significant, affecting numerous services and potentially exposing sensitive data. The vulnerability allows for memory leakage to peers which could have broad consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003erust-openssl\u003c/code\u003e version 0.10.78 or later to patch the vulnerability (reference: \u003ca href=\"https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78)\"\u003ehttps://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization within user-provided closures to ensure that the returned \u003ccode\u003eusize\u003c/code\u003e value does not exceed the allocated buffer size, mitigating the risk even in vulnerable versions.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-23T12:00:00Z","date_published":"2026-04-23T12:00:00Z","id":"/briefs/2026-04-rust-openssl-memory-leak/","summary":"The rust-openssl crate versions 0.9.24 prior to 0.10.78 are vulnerable to memory leaks due to unchecked callback lengths in PSK/cookie trampolines, potentially leading to buffer overflows.","title":"rust-openssl Unchecked Callback Length Memory Leak","url":"https://feed.craftedsignal.io/briefs/2026-04-rust-openssl-memory-leak/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["libp2p","gossipsub","denial-of-service","integer overflow","rust"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Rust libp2p Gossipsub implementation, a peer-to-peer networking library, is susceptible to a remote denial-of-service (DoS) vulnerability. This flaw resides in the handling of \u003ccode\u003ebackoff\u003c/code\u003e expiry during heartbeat processing. By sending a specially crafted \u003ccode\u003ePRUNE\u003c/code\u003e control message containing an attacker-controlled, near-maximum \u003ccode\u003ebackoff\u003c/code\u003e value, a remote, unauthenticated peer can trigger an integer overflow. This overflow occurs when the implementation performs unchecked addition of the \u003ccode\u003ebackoff_time\u003c/code\u003e and a \u003ccode\u003eslack\u003c/code\u003e value. This vulnerability affects applications using libp2p-gossipsub versions prior to 0.49.4 and is distinct from CVE-2026-33040, which addressed overflow during backoff insertion. This report highlights a distinct secondary overflow path in heartbeat expiry handling that remained exploitable even after the initial insertion-side hardening. The vulnerability was reported by the Security team of the Ethereum Foundation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker establishes a standard libp2p session with a target node using \u003ccode\u003eTCP + Noise\u003c/code\u003e for encryption.\u003c/li\u003e\n\u003cli\u003eThe attacker negotiates a stream multiplexer protocol such as \u003ccode\u003emplex\u003c/code\u003e or \u003ccode\u003eyamux\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker opens a Gossipsub stream with the target node to initiate communication.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an RPC (Remote Procedure Call) containing a \u003ccode\u003eControlPrune\u003c/code\u003e message.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eControlPrune\u003c/code\u003e message includes a crafted \u003ccode\u003ebackoff\u003c/code\u003e value set near the maximum representable value for an i64 integer (e.g., \u003ccode\u003e9223372036854674580\u003c/code\u003e). The attacker chooses this value relative to the victim\u0026rsquo;s uptime.\u003c/li\u003e\n\u003cli\u003eThe target node parses the \u003ccode\u003ebackoff\u003c/code\u003e value from the protobuf message and processes it using \u003ccode\u003eBehaviour::handle_prune()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ebackoff\u003c/code\u003e value is stored after a checked addition to ensure it\u0026rsquo;s valid, however the near-maximum value is still retained.\u003c/li\u003e\n\u003cli\u003eOn the next heartbeat, the node attempts to calculate the expiry time by adding a \u003ccode\u003eslack\u003c/code\u003e value to the stored \u003ccode\u003ebackoff_time\u003c/code\u003e using unchecked addition, which results in an integer overflow, causing a panic and crashing the application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability results in a remote, unauthenticated denial of service. Any application exposing an affected \u003ccode\u003elibp2p-gossipsub\u003c/code\u003e listener can be crashed by a network-reachable peer. The crash occurs during heartbeat processing, not immediately upon receiving the \u003ccode\u003ePRUNE\u003c/code\u003e message. The attack can be repeated by reconnecting to the target and replaying the crafted \u003ccode\u003ePRUNE\u003c/code\u003e message. This could lead to service disruptions and potential data loss if the application does not handle crashes gracefully. The number of potential victims is significant, encompassing any application utilizing vulnerable versions of the \u003ccode\u003elibp2p-gossipsub\u003c/code\u003e library.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003elibp2p-gossipsub\u003c/code\u003e dependency to version 0.49.4 or later to patch the unchecked arithmetic operation that causes the overflow.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect libp2p Gossipsub PRUNE with Large Backoff\u0026rdquo; to identify potential exploitation attempts by monitoring network traffic for unusually large \u003ccode\u003ebackoff\u003c/code\u003e values in \u003ccode\u003ePRUNE\u003c/code\u003e messages.\u003c/li\u003e\n\u003cli\u003eEnable network connection logging to capture details of libp2p sessions and identify potential malicious peers attempting to exploit this vulnerability (logsource: network_connection).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-30T13:04:03Z","date_published":"2026-03-30T13:04:03Z","id":"/briefs/2026-03-libp2p-gossipsub-dos/","summary":"A remote, unauthenticated attacker can crash applications using libp2p-gossipsub versions prior to 0.49.4 by sending a crafted PRUNE control message with a near-maximum backoff value, causing an arithmetic overflow during heartbeat processing.","title":"libp2p-gossipsub Remote Denial of Service via Integer Overflow","url":"https://feed.craftedsignal.io/briefs/2026-03-libp2p-gossipsub-dos/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["denial-of-service","web-framework","rust"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSalvo is a Rust-based web framework. Prior to version 0.89.3, the \u003ccode\u003eform_data()\u003c/code\u003e method and \u003ccode\u003eExtractible\u003c/code\u003e macro within Salvo do not properly enforce payload size limits when parsing form data. This lack of input validation allows a remote, unauthenticated attacker to send arbitrarily large HTTP request bodies to a vulnerable server. By exploiting this vulnerability, an attacker can exhaust the server\u0026rsquo;s memory resources, leading to an Out-of-Memory (OOM) condition. This results in service crashes…\u003c/p\u003e\n","date_modified":"2026-03-25T12:00:00Z","date_published":"2026-03-25T12:00:00Z","id":"/briefs/2026-03-salvo-dos/","summary":"The Salvo web framework before version 0.89.3 is vulnerable to denial of service due to unbounded memory allocation when parsing form data, enabling attackers to crash services by sending large payloads.","title":"Salvo Web Framework Denial of Service Vulnerability (CVE-2026-33241)","url":"https://feed.craftedsignal.io/briefs/2026-03-salvo-dos/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["low"],"_cs_tags":["rust","reverse-engineering","malware-analysis"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 15, 2026, JPCERT/CC published a study examining the challenges and techniques involved in reverse engineering binaries compiled from the Rust programming language. This research aims to aid security analysts and reverse engineers in understanding the structure and characteristics of Rust-based malware. Rust\u0026rsquo;s increasing popularity among malware authors necessitates specialized knowledge to effectively analyze and detect these threats. The study details specific features of Rust binaries that differ from those compiled from other languages like C or C++, focusing on aspects such as metadata handling, string encoding, and unique function calling conventions. The research provides practical guidance for overcoming common obstacles encountered during reverse engineering of Rust binaries.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eThis threat brief focuses on the analysis of Rust binaries, not a specific attack chain. However, understanding the structure of these binaries is crucial for analyzing attacks leveraging them. The following steps outline a general reverse engineering process applicable to any binary, with considerations specific to Rust:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Reconnaissance:\u003c/strong\u003e Obtain the Rust binary and gather basic information such as file type, size, and compilation timestamp using tools like \u003ccode\u003efile\u003c/code\u003e and \u003ccode\u003estrings\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMetadata Analysis:\u003c/strong\u003e Examine the binary\u0026rsquo;s metadata section to identify Rust version, crate dependencies, and potentially debug symbols. This can be done using tools like \u003ccode\u003eobjdump\u003c/code\u003e or specialized Rust metadata parsers.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eString Extraction:\u003c/strong\u003e Extract embedded strings from the binary. Note that Rust often uses UTF-8 encoding for strings, so ensure your tools support this encoding.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFunction Identification:\u003c/strong\u003e Identify key functions such as \u003ccode\u003emain\u003c/code\u003e, and any other functions related to suspicious behavior. Tools like IDA Pro or Ghidra can be used for disassembly and function analysis.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eControl Flow Analysis:\u003c/strong\u003e Analyze the control flow of the program, paying attention to function calls and branching logic. Rust\u0026rsquo;s ownership and borrowing system can make control flow more complex than in C/C++.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependency Analysis:\u003c/strong\u003e Identify and analyze any external crates (libraries) used by the binary. These crates may contain known vulnerabilities or malicious code.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBehavioral Analysis:\u003c/strong\u003e Execute the binary in a controlled environment (sandbox) to observe its behavior, including file system access, network connections, and registry modifications.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDetection Rule Creation:\u003c/strong\u003e Based on the reverse engineering and behavioral analysis, create detection rules for identifying similar malicious Rust binaries.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe increasing use of Rust in malware development poses a challenge for security analysts. Successful reverse engineering and understanding of Rust binaries are crucial for detecting and mitigating threats. Failure to adapt to this trend could lead to a decreased ability to identify and respond to novel malware strains.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFamiliarize detection engineers with the structure and characteristics of Rust binaries as described in the JPCERT/CC study to improve reverse engineering capabilities.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rules provided below to detect suspicious behaviors commonly associated with potentially malicious binaries, adjusting thresholds and whitelists as needed for your environment.\u003c/li\u003e\n\u003cli\u003eUtilize tools capable of parsing Rust metadata to extract crate dependencies and other useful information from Rust binaries during analysis, as described in the \u0026ldquo;Metadata Analysis\u0026rdquo; step above.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-16T12:00:00Z","date_published":"2026-03-16T12:00:00Z","id":"/briefs/2026-03-rust-binaries/","summary":"JPCERT/CC published a study on the reverse engineering of binaries created with the Rust programming language, providing insights for malware analysis and detection engineering.","title":"JPCERT/CC Study on Reverse Engineering Rust Binaries","url":"https://feed.craftedsignal.io/briefs/2026-03-rust-binaries/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["openssl"],"_cs_severities":["high"],"_cs_tags":["buffer overflow","rust","openssl","vulnerability"],"_cs_type":"advisory","_cs_vendors":["OpenSSL"],"content_html":"\u003cp\u003eThe \u003ccode\u003erust-openssl\u003c/code\u003e crate, a Rust wrapper for the OpenSSL library, is susceptible to a critical vulnerability (CVE-2026-41681) stemming from a buffer overflow within the \u003ccode\u003eMdCtxRef::digest_final()\u003c/code\u003e function. This flaw arises because \u003ccode\u003eEVP_DigestFinal()\u003c/code\u003e unconditionally writes \u003ccode\u003eEVP_MD_CTX_size(ctx)\u003c/code\u003e bytes to the provided output buffer (\u003ccode\u003eout\u003c/code\u003e), without verifying if the buffer\u0026rsquo;s allocated size is sufficient. Consequently, if \u003ccode\u003eout\u003c/code\u003e is smaller than the size dictated by \u003ccode\u003eEVP_MD_CTX_size(ctx)\u003c/code\u003e, a write-out-of-bounds condition occurs, potentially leading to stack corruption. The vulnerability is reachable from safe Rust code, making it a significant concern for applications utilizing the affected versions of the \u003ccode\u003erust-openssl\u003c/code\u003e crate. Specifically, versions 0.10.39 up to (but not including) 0.10.78 are affected.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a Rust application that utilizes the \u003ccode\u003erust-openssl\u003c/code\u003e crate.\u003c/li\u003e\n\u003cli\u003eThe application initiates a digest operation using \u003ccode\u003eEVP_DigestInit()\u003c/code\u003e to set up the message digest context.\u003c/li\u003e\n\u003cli\u003eThe application feeds data into the digest context using \u003ccode\u003eEVP_DigestUpdate()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application calls \u003ccode\u003eMdCtxRef::digest_final()\u003c/code\u003e via safe Rust.\u003c/li\u003e\n\u003cli\u003eInternally, \u003ccode\u003eEVP_DigestFinal()\u003c/code\u003e is called without proper bounds checking.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eEVP_DigestFinal()\u003c/code\u003e attempts to write \u003ccode\u003eEVP_MD_CTX_size(ctx)\u003c/code\u003e bytes to the \u003ccode\u003eout\u003c/code\u003e buffer.\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003eout\u003c/code\u003e is smaller than the expected size, a stack-based buffer overflow occurs as data is written beyond the allocated memory region.\u003c/li\u003e\n\u003cli\u003eThis overflow overwrites adjacent memory on the stack, potentially corrupting critical program data or control flow structures, leading to crashes or arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to potentially achieve arbitrary code execution within the context of the affected application. This could lead to complete system compromise, data breaches, or denial-of-service conditions. Given that the vulnerability is reachable from safe Rust, applications relying on vulnerable versions of the \u003ccode\u003erust-openssl\u003c/code\u003e crate are at risk. The vulnerability can cause stack corruption, leading to unpredictable behavior and potential application crashes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003erust-openssl\u003c/code\u003e crate to version 0.10.78 or later to remediate CVE-2026-41681.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and size checks when using the \u003ccode\u003erust-openssl\u003c/code\u003e crate, specifically when handling digest operations, to prevent buffer overflows.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-rust-openssl-buffer-overflow/","summary":"The rust-openssl crate is vulnerable to a stack-based buffer overflow (CVE-2026-41681) where the `EVP_DigestFinal()` function writes beyond the allocated buffer, potentially corrupting the stack, affecting versions \u003e= 0.10.39 and \u003c 0.10.78.","title":"rust-openssl Stack Buffer Overflow Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-03-rust-openssl-buffer-overflow/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["openssl"],"_cs_severities":["high"],"_cs_tags":["openssl","buffer-overflow","rust","cryptography"],"_cs_type":"advisory","_cs_vendors":["OpenSSL"],"content_html":"\u003cp\u003eThe \u003ccode\u003erust-openssl\u003c/code\u003e crate, specifically the \u003ccode\u003eDeriver::derive\u003c/code\u003e and \u003ccode\u003ePkeyCtxRef::derive\u003c/code\u003e functions, is vulnerable to a heap/stack overflow when used in conjunction with OpenSSL version 1.1.x. This occurs because the \u003ccode\u003eEVP_PKEY_derive\u003c/code\u003e function in OpenSSL 1.1.x fails to properly validate the input buffer length when used with X25519, X448, DH, and HKDF-extract. These key derivation functions unconditionally write the full shared secret (32/56/prime-size bytes) regardless of the buffer size provided by the caller, leading to a buffer overflow if the provided slice is too small. This vulnerability affects rust-openssl versions \u0026gt;= 0.9.27 and \u0026lt; 0.10.78. This vulnerability is mitigated in OpenSSL 3.x because the providers check buffer length.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious application using the \u003ccode\u003erust-openssl\u003c/code\u003e crate.\u003c/li\u003e\n\u003cli\u003eThe application uses \u003ccode\u003eDeriver::derive\u003c/code\u003e or \u003ccode\u003ePkeyCtxRef::derive\u003c/code\u003e with an X25519, X448, DH, or HKDF-extract key agreement algorithm.\u003c/li\u003e\n\u003cli\u003eThe application provides a buffer smaller than the expected output size of the key derivation function (32 bytes for X25519, 56 bytes for X448, prime-size bytes for DH).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eEVP_PKEY_derive\u003c/code\u003e function in OpenSSL 1.1.x is called without proper buffer length validation.\u003c/li\u003e\n\u003cli\u003eThe key derivation function writes the full shared secret to the undersized buffer.\u003c/li\u003e\n\u003cli\u003eA heap or stack buffer overflow occurs, overwriting adjacent memory.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the application\u0026rsquo;s execution flow.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary code on the target system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to arbitrary code execution within the context of the vulnerable application. This could allow an attacker to gain complete control of the affected system. The number of victims depends on the prevalence of vulnerable \u003ccode\u003erust-openssl\u003c/code\u003e versions being used with OpenSSL 1.1.x. Sectors that rely on \u003ccode\u003erust-openssl\u003c/code\u003e for cryptographic operations are at higher risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003erust-openssl\u003c/code\u003e crate to version \u0026gt;= 0.10.78 to patch the vulnerability (see Overview).\u003c/li\u003e\n\u003cli\u003eIf upgrading \u003ccode\u003erust-openssl\u003c/code\u003e is not immediately feasible, ensure that OpenSSL is upgraded to version 3.x, where the buffer length is checked (see Overview).\u003c/li\u003e\n\u003cli\u003eImplement runtime checks to validate buffer lengths before calling \u003ccode\u003eDeriver::derive\u003c/code\u003e and \u003ccode\u003ePkeyCtxRef::derive\u003c/code\u003e when using X25519, X448, DH, or HKDF-extract (see Attack Chain).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect potential exploitation attempts (see Rules).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-openssl-overflow/","summary":"The rust-openssl crate's `Deriver::derive` and `PkeyCtxRef::derive` functions can cause heap/stack overflows when used with OpenSSL 1.1.x due to insufficient buffer length validation in X25519, X448, DH, and HKDF-extract, affecting rust-openssl versions \u003e= 0.9.27 and \u003c 0.10.78.","title":"Heap/Stack Overflow in rust-openssl with OpenSSL 1.1.x","url":"https://feed.craftedsignal.io/briefs/2024-01-03-openssl-overflow/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["nimiq-block"],"_cs_severities":["medium"],"_cs_tags":["blockchain","quorum bypass","nimiq","rust"],"_cs_type":"advisory","_cs_vendors":["Nimiq"],"content_html":"\u003cp\u003eA critical vulnerability has been identified in the Nimiq Block\u0026rsquo;s \u003ccode\u003eSkipBlockProof::verify\u003c/code\u003e function within the rust-albatross core. This vulnerability stems from the way the quorum check is performed. The vulnerability lies in the ability to craft \u003ccode\u003eMultiSignature.signers\u003c/code\u003e that contain out-of-range indices spaced by 65536, inflating the \u003ccode\u003elen()\u003c/code\u003e calculation but colliding onto the same in-range \u003ccode\u003eu16\u003c/code\u003e slot during aggregation due to truncation. The vulnerability affects \u003ccode\u003erust/nimiq-block\u003c/code\u003e versions \u003ccode\u003e\u0026lt;= 0.2.0\u003c/code\u003e. Successful exploitation allows a malicious validator with significantly fewer than the required \u003ccode\u003e2f+1\u003c/code\u003e signer slots to pass skip block proof verification. This bypasses the intended security mechanisms, potentially undermining the blockchain\u0026rsquo;s consensus and integrity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a Nimiq Block instance running a vulnerable version (\u0026lt;= 0.2.0) of the \u003ccode\u003erust/nimiq-block\u003c/code\u003e package.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003eMultiSignature.signers\u003c/code\u003e payload.\u003c/li\u003e\n\u003cli\u003eThe malicious payload contains out-of-range indices spaced by 65536. These indices are specifically designed to inflate the \u003ccode\u003eBitSet.len()\u003c/code\u003e calculation used in the quorum check.\u003c/li\u003e\n\u003cli\u003eDuring verification within \u003ccode\u003eSkipBlockProof::verify\u003c/code\u003e, the \u003ccode\u003eusize\u003c/code\u003e indices are cast to \u003ccode\u003eu16\u003c/code\u003e (\u003ccode\u003eslot as u16\u003c/code\u003e) for slot lookup.\u003c/li\u003e\n\u003cli\u003eDue to the \u003ccode\u003eu16\u003c/code\u003e truncation, the out-of-range indices collide onto the same in-range slot. This creates an artificial aggregation of signatures.\u003c/li\u003e\n\u003cli\u003eThe attacker multiplies a single BLS signature by a factor to match the inflated \u003ccode\u003elen()\u003c/code\u003e value.\u003c/li\u003e\n\u003cli\u003eThe manipulated \u003ccode\u003eSkipBlockProof\u003c/code\u003e passes the quorum check due to the inflated \u003ccode\u003elen()\u003c/code\u003e and signature aggregation.\u003c/li\u003e\n\u003cli\u003eThe malicious skip block is accepted, potentially leading to consensus manipulation or other attacks on the blockchain.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a malicious validator to bypass the standard quorum requirements for skip block proof verification. This means that a single compromised validator or a small group of colluding validators can inject fraudulent blocks into the blockchain, potentially leading to double-spending, denial-of-service, or other attacks that compromise the integrity and availability of the Nimiq blockchain. Given the severity of these potential outcomes, this vulnerability poses a critical risk to any system relying on affected versions of Nimiq Block.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003erust/nimiq-block\u003c/code\u003e version \u003ccode\u003e1.3.0\u003c/code\u003e or later, which includes the fix for \u003ca href=\"https://github.com/advisories/GHSA-6973-8887-87ff\"\u003eCVE-2026-33471\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for anomalies related to skip block submissions, focusing on unusually large \u003ccode\u003eMultiSignature.signers\u003c/code\u003e payloads with indices spaced by multiples of 65536. Create a network monitoring rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-nimiq-block-quorum-bypass/","summary":"A vulnerability exists in Nimiq Block's SkipBlockProof verification process, allowing attackers to bypass quorum checks by manipulating MultiSignature signers with out-of-range indices, potentially compromising blockchain integrity, and affecting rust/nimiq-block versions 0.2.0 and earlier.","title":"Nimiq Block Skip Block Quorum Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-nimiq-block-quorum-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Rust","version":"https://jsonfeed.org/version/1.1"}