Rust

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.

Manual implementations of Error::type_id can cause memory unsafety. Overriding the default implementation of Error::type_id can violate Rust's safety guarantees.

Conversion between raw slices of differently sized types is undefined behaviour, because the length of the pointer is not converted using as.

The strength of public-key-based cryptographic algorithm (like RSA) is determined by the time that it takes to derive the private key by using brute-force methods. 1024-bit keys are to be avoided since they are easy to brute-force. However, 2048-bit keys are said to be sufficient until 2030. Preferably use 4096-bit keys.

It is unsafe to match untrusted input against regular expressions without ^ anchor. URLs with missing anchors can prove fatal as malicious inputs bypass the system's security checks.

This issue is raised when a hardcoded temporary file or directory is detected. Creating and using insecure temporary files can leave the application vulnerable to attacks. Lack of uniqueness in temporary files allows attackers to predict the filename and inject dangerous data into the application through the temporary file.

Certain cryptographic algorithms are known to be cryptographically insecure and should be avoided.

The caret symbol (^) in some languages is used to represent exponentiation. However, in Rust, as in many C-like languages, it represents the bitwise exclusive-or (XOR) operation. It is recommended to carefully vet if the caret is being used for XOR or exponentiation.

In the standard library in Rust before 1.58.1, there is a race condition that enables symlink following. An attacker could take advantage of this security vulnerability to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete.

Converting *const to *mut works in safe code. However, mutating such a pointer can result in undefined behavior. Such situations can only occur in unsafe code, because dereferencing pointers is an unsafe operation.

Conversion from a raw slice to ptr results in undefined behavior.

Consider using the following conversion methods:

• std::ptr::slice_from_raw_parts to convert a ptr and len pair into a raw slice
• std::slice::as_ptr to convert a raw slice to a ptr

Excessive permissions are granted to a file or directory. This issue is raised when a permission mode greater than 0o755 is given.

In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.

Use of headers such as "Server", "X-Powered-By" and "X-AspNet-Version" can leak sensitive information of your application and server. Avoid using these headers if possible.

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

The presence of invisible Unicode characters can lead to various vulnerabilities that may be hard to detect with a simple code review. Consider revisiting this line of code.

Using non-octal values to set Unix file permissions can result in unintended file permissions.

Binding to all network interfaces can potentially open up a service to traffic on unintended interfaces.