testeronious@lemmy.world to Programming@programming.dev · 9 months agoFast memory vulnerabilities, written in 100% safe Rustgithub.comexternal-linkmessage-square15fedilinkarrow-up1161arrow-down14cross-posted to: hackernews@lemmy.smeargle.fansrust@lemmit.online
arrow-up1157arrow-down1external-linkFast memory vulnerabilities, written in 100% safe Rustgithub.comtesteronious@lemmy.world to Programming@programming.dev · 9 months agomessage-square15fedilinkcross-posted to: hackernews@lemmy.smeargle.fansrust@lemmit.online
minus-squareSorteKanin@feddit.dklinkfedilinkarrow-up14·9 months agoIt’s essentially this issue https://github.com/rust-lang/rust/issues/25860 The code used to exploit the bug in this library is here: https://github.com/Speykious/cve-rs/blob/main/src/lifetime_expansion.rs As far as I understand, the bug basically makes it so you can trick Rust into thinking any lifetime is actually 'static. From that, you can do all kinds of bad stuff.
It’s essentially this issue https://github.com/rust-lang/rust/issues/25860
The code used to exploit the bug in this library is here: https://github.com/Speykious/cve-rs/blob/main/src/lifetime_expansion.rs
As far as I understand, the bug basically makes it so you can trick Rust into thinking any lifetime is actually 'static. From that, you can do all kinds of bad stuff.