RustCrypto/utils

RustCrypto/utils

Releases357
Frequency1 week 1 day
Last Release
Stars644
Utility crates used in RustCrypto

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
9.8 CRITICAL

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4.

= *, < 0.7.39.8 CRITICAL

Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.

< 2021-05-142.6 LOW

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.