testeronious@lemmy.world to Programming@programming.dev · 1 year agoFast memory vulnerabilities, written in 100% safe Rustgithub.comexternal-linkmessage-square15fedilinkarrow-up1161cross-posted to: [email protected]
arrow-up1161external-linkFast memory vulnerabilities, written in 100% safe Rustgithub.comtesteronious@lemmy.world to Programming@programming.dev · 1 year agomessage-square15fedilinkcross-posted to: [email protected]
minus-squareSorteKanin@feddit.dklinkfedilinkarrow-up14·1 year agoIt’s essentially this issue https://github.com/rust-lang/rust/issues/25860 The code used to exploit the bug in this library is here: https://github.com/Speykious/cve-rs/blob/main/src/lifetime_expansion.rs As far as I understand, the bug basically makes it so you can trick Rust into thinking any lifetime is actually 'static. From that, you can do all kinds of bad stuff.
It’s essentially this issue https://github.com/rust-lang/rust/issues/25860
The code used to exploit the bug in this library is here: https://github.com/Speykious/cve-rs/blob/main/src/lifetime_expansion.rs
As far as I understand, the bug basically makes it so you can trick Rust into thinking any lifetime is actually 'static. From that, you can do all kinds of bad stuff.