{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/rust/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["openssl"],"_cs_severities":["high"],"_cs_tags":["rust","openssl","memory leak","buffer overflow"],"_cs_type":"advisory","_cs_vendors":["Rust"],"content_html":"\u003cp\u003eThe \u003ccode\u003erust-openssl\u003c/code\u003e crate, a Rust wrapper for the OpenSSL library, is susceptible to a high-severity vulnerability due to unchecked callback lengths within the FFI trampolines used by several functions related to PSK (Pre-Shared Key) and cookie generation. Specifically, versions 0.9.24 up to (but not including) 0.10.78 are affected. The vulnerable functions include \u003ccode\u003eSslContextBuilder::set_psk_client_callback\u003c/code\u003e, \u003ccode\u003eset_psk_server_callback\u003c/code\u003e, \u003ccode\u003eset_cookie_generate_cb\u003c/code\u003e, and \u003ccode\u003eset_stateless_cookie_generate_cb\u003c/code\u003e. The issue arises because the user-provided closure\u0026rsquo;s returned \u003ccode\u003eusize\u003c/code\u003e (size) value is directly passed to OpenSSL without validation against the size of the \u003ccode\u003e\u0026amp;mut [u8]\u003c/code\u003e buffer provided to the closure, resulting in potential buffer overflows and memory leaks. This allows an attacker to potentially leak adjacent memory regions to a peer.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious application or exploits an existing application using the vulnerable \u003ccode\u003erust-openssl\u003c/code\u003e crate.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers one of the vulnerable callback functions (\u003ccode\u003eset_psk_client_callback\u003c/code\u003e, \u003ccode\u003eset_psk_server_callback\u003c/code\u003e, \u003ccode\u003eset_cookie_generate_cb\u003c/code\u003e, or \u003ccode\u003eset_stateless_cookie_generate_cb\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable callback function executes the user-provided closure.\u003c/li\u003e\n\u003cli\u003eThe user-provided closure returns a \u003ccode\u003eusize\u003c/code\u003e value indicating the intended length of the data to be written to the output buffer.\u003c/li\u003e\n\u003cli\u003eThe FFI trampoline forwards this \u003ccode\u003eusize\u003c/code\u003e value directly to OpenSSL, bypassing bounds checking against the actual buffer size.\u003c/li\u003e\n\u003cli\u003eIf the returned \u003ccode\u003eusize\u003c/code\u003e exceeds the allocated buffer size, OpenSSL writes beyond the buffer boundary, leading to a buffer overflow.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow allows the attacker to read adjacent memory regions or overwrite data, potentially leaking sensitive information or corrupting program state.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation could lead to information disclosure, denial of service, or potentially arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to information disclosure, denial of service, or potentially arbitrary code execution. Given the widespread use of the \u003ccode\u003erust-openssl\u003c/code\u003e crate in various applications, the impact could be significant, affecting numerous services and potentially exposing sensitive data. The vulnerability allows for memory leakage to peers which could have broad consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003erust-openssl\u003c/code\u003e version 0.10.78 or later to patch the vulnerability (reference: \u003ca href=\"https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78)\"\u003ehttps://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization within user-provided closures to ensure that the returned \u003ccode\u003eusize\u003c/code\u003e value does not exceed the allocated buffer size, mitigating the risk even in vulnerable versions.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-23T12:00:00Z","date_published":"2026-04-23T12:00:00Z","id":"/briefs/2026-04-rust-openssl-memory-leak/","summary":"The rust-openssl crate versions 0.9.24 prior to 0.10.78 are vulnerable to memory leaks due to unchecked callback lengths in PSK/cookie trampolines, potentially leading to buffer overflows.","title":"rust-openssl Unchecked Callback Length Memory Leak","url":"https://feed.craftedsignal.io/briefs/2026-04-rust-openssl-memory-leak/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["russh"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","russh","keyboard-interactive"],"_cs_type":"advisory","_cs_vendors":["rust"],"content_html":"\u003cp\u003eA pre-authentication denial-of-service vulnerability exists in the russh crate, specifically affecting servers that implement keyboard-interactive authentication. This vulnerability allows a malicious client to crash a russh-based server by sending a malformed packet, without needing any valid credentials. The vulnerability resides in the \u003ccode\u003eread_userauth_info_response\u003c/code\u003e function within \u003ccode\u003erussh/src/server/encrypted.rs\u003c/code\u003e, where an unbounded \u003ccode\u003eu32\u003c/code\u003e count from the client\u0026rsquo;s \u003ccode\u003eSSH_MSG_USERAUTH_INFO_RESPONSE\u003c/code\u003e message is used directly to allocate memory via \u003ccode\u003eVec::with_capacity()\u003c/code\u003e. An attacker can exploit this by sending a large value for \u0026rsquo;n\u0026rsquo; (e.g., 0x10000000), leading to a massive memory allocation attempt and subsequent out-of-memory crash. This affects servers using keyboard-interactive for multi-step authentication such as TOTP or 2FA. The vulnerability exists in russh versions prior to 0.60.1.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker establishes a TCP connection to the russh server.\u003c/li\u003e\n\u003cli\u003eThe attacker performs the initial SSH key exchange (anonymous DH handshake).\u003c/li\u003e\n\u003cli\u003eThe attacker sends a \u003ccode\u003eUSERAUTH_REQUEST\u003c/code\u003e message with the authentication method set to \u003ccode\u003ekeyboard-interactive\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe server responds with \u003ccode\u003eAuth::Partial\u003c/code\u003e, indicating that keyboard-interactive authentication is in progress and prompts are required.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a \u003ccode\u003eUSERAUTH_INFO_RESPONSE\u003c/code\u003e message with a crafted \u003ccode\u003eu32\u003c/code\u003e value for \u0026rsquo;n\u0026rsquo; set to a large number, such as 0x10000000 (268435456), indicating the number of responses.\u003c/li\u003e\n\u003cli\u003eThe attacker intentionally does not include any response data in the \u003ccode\u003eUSERAUTH_INFO_RESPONSE\u003c/code\u003e message, to maximize the memory allocation attempt.\u003c/li\u003e\n\u003cli\u003eThe server attempts to allocate memory using \u003ccode\u003eVec::with_capacity(n)\u003c/code\u003e, where n is the attacker-controlled large value, triggering excessive memory allocation.\u003c/li\u003e\n\u003cli\u003eThe server exhausts available memory, leading to an out-of-memory (OOM) condition, and the server process crashes, causing a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eA successful attack results in a denial of service, crashing the russh server and affecting all active SSH sessions. Because the attack occurs before authentication, it can be executed repeatedly and quickly, preventing legitimate users from accessing the server. This can disrupt services relying on the SSH server, leading to downtime and potential data loss. An end-to-end Proof of Concept demonstrates that a russh server within a container with a 512MB memory limit can be OOM-killed by this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to russh version 0.60.1 or later to incorporate the fix that limits the \u003ccode\u003eVec::with_capacity\u003c/code\u003e allocation based on the remaining packet data.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for SSH \u003ccode\u003eUSERAUTH_INFO_RESPONSE\u003c/code\u003e messages with unusually large response counts using the provided Sigma rule \u0026ldquo;Detect Excessive SSH Keyboard-Interactive Responses\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting or connection limits to mitigate the impact of rapid connection attempts from malicious clients.\u003c/li\u003e\n\u003cli\u003eReview and audit implementations of \u003ccode\u003eHandler::auth_keyboard_interactive\u003c/code\u003e to ensure proper input validation and resource management, especially where \u003ccode\u003eAuth::Partial\u003c/code\u003e is returned.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-07-03T12:00:00Z","date_published":"2024-07-03T12:00:00Z","id":"/briefs/2024-07-03-russh-dos/","summary":"A denial-of-service vulnerability exists in the russh crate, where a malicious client can crash any russh-based server implementing keyboard-interactive authentication by sending a crafted SSH_MSG_USERAUTH_INFO_RESPONSE message with a large response count, leading to excessive memory allocation and an out-of-memory crash without requiring any credentials.","title":"russh Keyboard-Interactive Authentication Denial-of-Service","url":"https://feed.craftedsignal.io/briefs/2024-07-03-russh-dos/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["rustls-webpki"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","rustls-webpki","crl"],"_cs_type":"advisory","_cs_vendors":["rust"],"content_html":"\u003cp\u003eA denial-of-service vulnerability has been identified in the rustls-webpki crate, specifically affecting versions prior to 0.103.13 and versions between 0.104.0-alpha.1 and 0.104.0-alpha.7. The vulnerability stems from a panic within the \u003ccode\u003ebit_string_flags()\u003c/code\u003e function located in \u003ccode\u003esrc/der.rs\u003c/code\u003e. This panic occurs when the function processes a malformed Certificate Revocation List (CRL) containing a BIT STRING with a content of exactly \u003ccode\u003e[0x00]\u003c/code\u003e. The issue is triggered via the \u003ccode\u003eissuingDistributionPoint\u003c/code\u003e CRL extension when CRL revocation checking is explicitly enabled through \u003ccode\u003eRevocationOptions\u003c/code\u003e and the application loads CRL data from a source controlled by an attacker. This vulnerability allows a remote attacker to cause a denial of service in applications that rely on rustls-webpki for certificate validation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker obtains a certificate from a Certificate Authority (CA) that permits custom Certificate Distribution Point (CDP) URLs.\u003c/li\u003e\n\u003cli\u003eAttacker sets the CDP of the certificate to point to a server they control (e.g., \u003ccode\u003ecdp\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious CRL with a BIT STRING in the \u003ccode\u003eissuingDistributionPoint\u003c/code\u003e extension containing the byte sequence \u003ccode\u003e0x00\u003c/code\u003e, triggering the vulnerability in \u003ccode\u003ebit_string_flags()\u003c/code\u003e. The CRL must be DER encoded and contain the following ASN.1 structure: \u003ccode\u003ea0 10 30 0e 30 0c 06 03 55 1d 1c 04 05 30 03 83 01 00\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe attacker hosts the crafted CRL on the server specified in the CDP.\u003c/li\u003e\n\u003cli\u003eA vulnerable mTLS server configured to use CRL checking receives a connection request from a client presenting the attacker\u0026rsquo;s certificate.\u003c/li\u003e\n\u003cli\u003eThe mTLS server fetches the CRL from the attacker-controlled CDP server during the TLS handshake.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eBorrowedCertRevocationList::from_der()\u003c/code\u003e function parses the CRL, leading to the execution of \u003ccode\u003ebit_string_flags()\u003c/code\u003e on the malformed BIT STRING.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ebit_string_flags()\u003c/code\u003e function panics due to an index-out-of-bounds error, resulting in a denial-of-service condition on the mTLS server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to a denial-of-service condition. Affected applications that perform mTLS, particularly servers, become unavailable when processing connections from clients presenting certificates with malicious CRL distribution points. This can disrupt services and impact availability. The severity is high because an attacker can trigger the vulnerability remotely without authentication.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to rustls-webpki version 0.103.13 or 0.104.0-alpha.7 or later to patch the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect-Malformed-CRL-Bit-String\u003c/code\u003e to identify attempts to exploit this vulnerability by monitoring for specific byte sequences in CRL data.\u003c/li\u003e\n\u003cli\u003eImplement strict validation and sanitization of CRL data before processing it with \u003ccode\u003erustls-webpki\u003c/code\u003e, especially when fetching CRLs from untrusted sources.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"/briefs/2024-01-rustls-webpki-dos/","summary":"A denial-of-service vulnerability exists in rustls-webpki versions prior to 0.103.13 and between 0.104.0-alpha.1 and 0.104.0-alpha.7 due to a panic in `bit_string_flags()` when processing a malformed CRL BIT STRING, triggered when CRL checking is enabled and an attacker provides a crafted CRL.","title":"rustls-webpki Denial-of-Service Vulnerability via Malformed CRL BIT STRING","url":"https://feed.craftedsignal.io/briefs/2024-01-rustls-webpki-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Rust","version":"https://jsonfeed.org/version/1.1"}