rewrite roxy with tower architecture #24
Security advisories found
1 advisories, 2 unmaintained, 2 unsound, 1 other
Details
Vulnerabilities
RUSTSEC-2026-0007
Integer overflow in
BytesMut::reserve
| Details | |
|---|---|
| Package | bytes |
| Version | 1.11.0 |
| URL | GHSA-434x-w66g-qw3r |
| Date | 2026-02-03 |
| Patched versions | >=1.11.1 |
| Unaffected versions | <1.2.1 |
In the unique reclaim path of BytesMut::reserve, the condition
if v_capacity >= new_cap + offsetuses an unchecked addition. When new_cap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as spare_capacity_mut() then trust this corrupted cap value and may create out-of-bounds slices, leading to UB.
This behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks.
PoC
use bytes::*;
fn main() {
let mut a = BytesMut::from(&b"hello world"[..]);
let mut b = a.split_off(5);
// Ensure b becomes the unique owner of the backing storage
drop(a);
// Trigger overflow in new_cap + offset inside reserve
b.reserve(usize::MAX - 6);
// This call relies on the corrupted cap and may cause UB & HBO
b.put_u8(b'h');
}Workarounds
Users of BytesMut::reserve are only affected if integer overflow checks are configured to wrap. When integer overflow is configured to panic, this issue does not apply.
Warnings
RUSTSEC-2024-0388
derivativeis unmaintained; consider using an alternative
| Details | |
|---|---|
| Status | unmaintained |
| Package | derivative |
| Version | 2.2.0 |
| URL | mcarton/rust-derivative#117 |
| Date | 2024-06-26 |
The derivative crate is no longer maintained.
Consider using any alternative, for instance:
RUSTSEC-2024-0436
paste - no longer maintained
| Details | |
|---|---|
| Status | unmaintained |
| Package | paste |
| Version | 1.0.15 |
| URL | https://github.com/dtolnay/paste |
| Date | 2024-10-07 |
The creator of the crate paste has stated in the README.md
that this project is not longer maintained as well as archived the repository
Possible Alternative(s)
pastey: a fork of paste and is aimed to be a drop-in replacement with additional features for paste cratewith_builtin_macros: crate providing a superset ofpaste's functionality including generalmacro_rules!eager expansions andconcat!/concat_idents!macros
RUSTSEC-2026-0012
Unsoundness in opt-in ARMv8 assembly backend for
keccak
| Details | |
|---|---|
| Status | unsound |
| Package | keccak |
| Version | 0.1.5 |
| URL | RustCrypto/sponges#101 |
| Date | 2026-02-12 |
Summary
The asm! block enabled by the off-by-default asm feature, when enabled on ARMv8 targets, misspecified the operand
type for all of its operands, using in for pointers and values which were subsequently mutated by operations performed
within the assembly block.
Impact
It's unclear what practical impact, if any, this actually had. Incorrect operand types are technically undefined
behavior, however changing them had no actual impact on the generated assembly for these targets. The possibility still
exists that it may lead to potential memory safety or other issues on hypothetical future versions of rustc.
Mitigation
The operand types were changed from in to inout, and the impacted versions of the keccak crate were yanked.
RUSTSEC-2026-0002
IterMutviolates Stacked Borrows by invalidating internal pointer
| Details | |
|---|---|
| Status | unsound |
| Package | lru |
| Version | 0.12.5 |
| URL | jeromefroe/lru-rs#224 |
| Date | 2026-01-07 |
Affected versions of this crate contain a soundness issue in the IterMut
iterator implementation. The IterMut::next and IterMut::next_back
methods temporarily create an exclusive reference to the key when
dereferencing the internal node pointer.
This invalidates the shared pointer held by the internal HashMap,
violating Stacked Borrows rules.
Crate keccak is yanked
No extra details provided.