Reported

February 10, 2025

Issued

May 5, 2025 (last modified: May 6, 2025)

Package

cve-rs (crates.io)

Type

INFO Unsound

Categories

• memory-corruption

Keywords

#soundness-hole

References

• https://github.com/Speykious/cve-rs

Patched

no patched versions

Description

This crate is a joke and should never be used.

cve-rs provides demonstrations of common memory vulnerabilities (such as buffer overflows and segfaults) implemented completely within safe Rust.

Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860

Advisory available under CC0-1.0 license.