- Reported
-
- Issued
-
- Package
-
cve-rs
(crates.io)
- Type
-
INFO
Unsound
- Categories
-
- Keywords
-
#soundness-hole
- References
-
- Patched
-
no patched versions
Description
This crate is a joke and should never be used.
cve-rs provides demonstrations of common memory vulnerabilities (such as buffer overflows and segfaults) implemented completely within safe Rust.
Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860
Advisory available under CC0-1.0
license.