obfstr Crate Invalid UTF-8 Conversion Vulnerability in Rust

Vulnerability

Versions of the obfstr crate for Rust prior to 0.4.4 do not limit the argument of the obfstr! macro to string slices (&str). A non-string argument such as a raw byte array is accepted, and its bytes are turned into a string value without UTF-8 validation. A Rust string holding invalid UTF-8 violates a type invariant that safe code, the standard library and the compiler all rely on, so the result is undefined behavior, not merely an incorrect value.

Impact

An invalid string produced this way is undefined behavior: any later use of it (slicing, iterating characters, passing it to code that assumes valid UTF-8) may yield wrong output, panics or memory-safety bugs. The trigger is the argument written at the obfstr! call site, so this is a soundness defect in the crate's safe API rather than something reachable from untrusted input at runtime; it matters most where the invalid string reaches code that trusts the &str invariant.

Reproduction

Invoke obfstr! with an argument that is not a string slice, for example a raw byte array (b"...") whose bytes are not valid UTF-8. The macro accepts the argument, and the resulting string value contains the invalid bytes.

Remediation

Upgrade to obfstr 0.4.4 or later, where the issue has been addressed. Until the upgrade is in place, audit obfstr! call sites and make sure every argument is a &str, not a byte array or another non-string expression.
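The following added example models both the reproduction and the remediation above in plain Rust. It is not obfstr's own code: the single-byte XOR "obfuscation", the macro names obf_any! and obf_str!, and the helper functions are assumptions made for illustration. obf_any! shows the permissive shape (any byte view accepted, no UTF-8 check on the way back), obf_str! shows the fix pattern (bind the argument to &str so a byte array is a compile-time type error), and decode_checked shows what a validating conversion reports instead of building an invalid string.

```rust
// Added example modelling the obfstr! bug class; NOT obfstr's own code.
// XOR key, macro names and helpers are assumptions for illustration only.

use std::string::FromUtf8Error;

/// Constructed single-byte XOR key. Real obfuscators use something stronger,
/// but the UTF-8 problem is independent of the obfuscation scheme.
const KEY: u8 = 0x5A;

/// XOR every byte with KEY. Applying it twice yields the original bytes.
fn xor_bytes(input: &[u8]) -> Vec<u8> {
    input.iter().map(|b| b ^ KEY).collect()
}

/// Models the pre-0.4.4 shape: the argument may be anything that views as
/// `&[u8]`, so both "text" and b"\xff\xfe" are accepted without complaint.
macro_rules! obf_any {
    ($s:expr) => {{
        let bytes: &[u8] = $s.as_ref();
        xor_bytes(bytes)
    }};
}

/// Models the fix: binding the argument to `&str` first makes
/// `obf_str!(b"\xff")` a compile-time type error, so every byte sequence
/// this macro produces came from valid UTF-8.
macro_rules! obf_str {
    ($s:expr) => {{
        let s: &str = $s;
        xor_bytes(s.as_bytes())
    }};
}

/// The unsound decode: deobfuscate and trust the bytes to be UTF-8.
///
/// # Safety
/// `obfuscated` must have been produced from valid UTF-8. If it came from
/// `obf_any!(b"\xff\xfe")`, the returned `String` holds invalid UTF-8 and
/// every later use of it is undefined behavior.
unsafe fn decode_unchecked(obfuscated: &[u8]) -> String {
    // SAFETY: delegated to the caller's contract documented above.
    unsafe { String::from_utf8_unchecked(xor_bytes(obfuscated)) }
}

/// The hardened decode: validate, and refuse bytes that are not UTF-8.
fn decode_checked(obfuscated: &[u8]) -> Result<String, FromUtf8Error> {
    String::from_utf8(xor_bytes(obfuscated))
}

/// A string literal round-trips through the fixed macro and the checked decode.
fn roundtrip_str() -> Result<String, FromUtf8Error> {
    decode_checked(&obf_str!("hello, obfstr"))
}

/// A constructed raw byte array that is not UTF-8 goes through the permissive
/// macro; the checked decode reports the error instead of building a bad String.
fn roundtrip_invalid_bytes() -> Result<String, FromUtf8Error> {
    decode_checked(&obf_any!(b"\xff\xfe\x00"))
}

/// Offset of the first invalid byte as reported by the checked decode,
/// or None when the deobfuscated bytes are valid UTF-8.
fn first_invalid_byte(obfuscated: &[u8]) -> Option<usize> {
    decode_checked(obfuscated)
        .err()
        .map(|e| e.utf8_error().valid_up_to())
}

fn main() {
    println!("checked, &str input:   {:?}", roundtrip_str());
    println!("checked, raw bytes:    {:?}", roundtrip_invalid_bytes());

    // SAFETY: the bytes came from a &str, so the contract of decode_unchecked holds.
    let ok = unsafe { decode_unchecked(&obf_str!("hello, obfstr")) };
    println!("unchecked, &str input: {}", ok);

    // obf_str!(b"\xff\xfe\x00") does not compile: expected `&str`, found `&[u8; 3]`.
    // decode_unchecked(&obf_any!(b"\xff\xfe\x00")) compiles and is undefined
    // behavior, which is exactly the pre-0.4.4 failure mode, so it is not run here.
}
```

The type annotation inside obf_str! is the whole fix: it costs nothing at runtime and moves the error from "undefined behavior whenever the string is used" to "the program does not build". Where a macro must accept bytes, pair it with a decode that returns Result, as decode_checked does, and never reach for from_utf8_unchecked on data whose origin the type system cannot vouch for.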

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  7.7
remediation     0.0
relevance       0.0
threat          1.6
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.