Arbitrary code execution in a core #Rust library: cve.mitre.org/cgi-bin/cvename.

When I started looking at applying CFI and SafeStack to Rust applications, multiple people told me that Rust applications don't need exploit mitigations because Rust is a safe language.

And, yet, here we are.

@lattera if I read the linked issue correctly, it was fixed almost a year ago, and yesterday a CVE was issued?

someone was an asshole about that.

Sébastien Marie @semarie

@phessler @lattera the CVE was issued late because the issue wasn't flagged as a security issue when reported.

the story is here:
medium.com/@shnatsel/how-rusts
