This crate's dependency tree contains packages with known security vulnerabilities. The advisories are listed in the Security Vulnerabilities section at the bottom of this page.

Crate servo-script

Dependencies

(136 total, 28 outdated, 1 insecure, 3 possibly insecure)

A crate is "up to date" when the latest release satisfies the required range (so zeroize ^1.8 counts as up to date against 1.9.0) and "out of date" when the latest release falls outside it. ⚠️ marks a crate with an advisory in the Security Vulnerabilities section below.

Crate                              Required  Latest   Status
aes                                ^0.8.4    0.9.1    out of date
aes-gcm                            ^0.10.3   0.11.0   out of date
aes-kw                             ^0.2.1    0.3.1    out of date
app_units                          ^0.7      0.7.8    up to date
argon2                             ^0.5      0.5.3    up to date
arrayvec                           ^0.7      0.7.7    up to date
atomic_refcell                     ^0.1.14   0.1.14   up to date
aws-lc-rs                          ^1.17     1.17.1   up to date
backtrace                          ^0.3      0.3.76   up to date
base64                             ^0.22.1   0.22.1   up to date
base64ct                           ^1.8      1.8.3    up to date
bitflags                           ^2.11     2.13.0   up to date
brotli                             ^8.0.2    8.0.4    up to date
buf-read-ext                       ^0.4      0.4.0    up to date
cbc                                ^0.1.2    0.2.1    out of date
chacha20poly1305                   ^0.10     0.11.0   out of date
chardetng                          ^0.1      1.0.0    out of date
chrono ⚠️                           ^0.4      0.4.45   maybe insecure
cipher                             ^0.4.4    0.5.2    out of date
content-security-policy            ^0.8.0    0.8.0    up to date
cookie                             ^0.18     0.18.1   up to date
crossbeam-channel                  ^0.5      0.5.15   up to date
cssparser                          ^0.37     0.37.0   up to date
ctr                                ^0.9.2    0.10.1   out of date
data-url                           ^0.3      0.3.2    up to date
servo-deny-public-fields           =0.3.0    0.3.0    up to date
der                                ^0.7      0.8.0    out of date
servo-devtools-traits              =0.3.0    0.3.0    up to date
digest                             ^0.10     0.11.3   out of date
servo-dom-struct                   =0.3.0    0.3.0    up to date
ecdsa                              ^0.16     0.16.9   up to date
elliptic-curve                     ^0.13     0.14.1   out of date
servo-embedder-traits              =0.3.0    0.3.0    up to date
encoding_rs                        ^0.8      0.8.35   up to date
euclid                             ^0.22     0.22.14  up to date
flate2                             ^1.1      1.1.9    up to date
servo-fonts                        =0.3.0    0.3.0    up to date
servo-fonts-traits                 =0.3.0    0.3.0    up to date
glow                               ^0.17.0   0.17.0   up to date
headers                            ^0.4      0.4.1    up to date
hkdf                               ^0.12     0.13.0   out of date
html5ever                          ^0.39     0.39.0   up to date
http                               ^1.4      1.4.2    up to date
httparse                           ^1.9      1.10.1   up to date
servo-hyper-serde                  =0.3.0    0.3.0    up to date
icu_locid                          ^1.5.0    2.0.0    out of date
indexmap                           ^2.14.0   2.14.0   up to date
ipc-channel                        ^0.22     0.22.0   up to date
itertools                          ^0.14     0.15.0   out of date
mozjs                              =0.15.14  0.17.0   out of date
servo-jstraceable-derive           =0.3.0    0.3.0    up to date
keyboard-types                     ^0.8.3    0.8.3    up to date
servo-layout-api                   =0.3.0    0.3.0    up to date
libc                               ^0.2      0.2.186  up to date
log                                ^0.4.30   0.4.33   up to date
servo-malloc-size-of               =0.3.0    0.3.0    up to date
malloc_size_of_derive              ^0.1      0.1.3    up to date
markup5ever                        ^0.39     0.39.0   up to date
servo-media-thread                 =0.3.0    0.3.0    up to date
servo-metrics                      =0.3.0    0.3.0    up to date
mime                               ^0.3.13   0.3.17   up to date
mime_guess                         ^2.0.5    2.0.5    up to date
ml-dsa ⚠️                           ^0.0.4    0.1.1    out of date
ml-kem                             ^0.2      0.3.2    out of date
mozangle                           ^0.5.5    0.5.5    up to date
servo-net-traits                   =0.3.0    0.3.0    up to date
nom-rfc8288                        ^0.4.0    0.4.0    up to date
num-bigint-dig                     ^0.8      0.9.1    out of date
num-traits                         ^0.2      0.2.19   up to date
num_cpus                           ^1.17.0   1.17.0   up to date
ocb3                               ^0.1.0    0.1.0    up to date
p256                               ^0.13     0.13.2   up to date
p384                               ^0.13     0.13.1   up to date
p521                               ^0.13     0.13.3   up to date
servo-paint-api                    =0.3.0    0.3.0    up to date
parking_lot                        ^0.12     0.12.5   up to date
percent-encoding                   ^2.3      2.3.2    up to date
phf                                ^0.13     0.14.0   out of date
servo-pixels                       =0.3.0    0.3.0    up to date
pkcs8                              ^0.10     0.11.0   out of date
postcard                           ^1.1.3    1.1.3    up to date
servo-profile-traits               =0.3.0    0.3.0    up to date
rand                               ^0.9      0.10.1   out of date
regex                              ^1.12     1.12.4   up to date
rsa ⚠️                              ^0.9.10   0.9.10   insecure
rustc-hash                         ^2.1.2    2.1.2    up to date
servo-script-bindings              =0.3.0    0.3.0    up to date
servo-script-traits                =0.3.0    0.3.0    up to date
sec1                               ^0.7      0.8.1    out of date
selectors                          ^0.38.0   0.38.0   up to date
serde                              ^1.0.228  1.0.228  up to date
serde_json                         ^1.0      1.0.150  up to date
servo-background-hang-monitor-api  =0.3.0    0.3.0    up to date
servo-base                         =0.3.0    0.3.0    up to date
servo-bluetooth-traits             =0.3.0    0.3.0    up to date
servo-canvas-traits                =0.3.0    0.3.0    up to date
servo-config                       =0.3.0    0.3.0    up to date
servo-constellation-traits         =0.3.0    0.3.0    up to date
servo-geometry                     =0.3.0    0.3.0    up to date
servo-media                        =0.3.0    0.3.0    up to date
servo-tracing                      =0.3.0    0.3.0    up to date
servo-url                          =0.3.0    0.3.0    up to date
servo_arc                          ^0.4.3    0.4.3    up to date
sha1                               ^0.10     0.11.0   out of date
sha2                               ^0.10     0.11.0   out of date
sha3                               ^0.10     0.12.0   out of date
smallvec                           ^1.15     1.15.2   up to date
servo-storage-traits               =0.3.0    0.3.0    up to date
strum                              ^0.28     0.28.0   up to date
stylo                              ^0.18.0   0.18.0   up to date
stylo_atoms                        ^0.18.0   0.18.0   up to date
stylo_dom                          ^0.18.0   0.18.0   up to date
stylo_malloc_size_of               ^0.18.0   0.18.0   up to date
stylo_traits                       ^0.18.0   0.18.0   up to date
swapper                            ^0.1      0.1.0    up to date
tempfile                           ^3        3.27.0   up to date
tendril                            ^0.5      0.5.0    up to date
time ⚠️                             ^0.3      0.3.52   maybe insecure
servo-timers                       =0.3.0    0.3.0    up to date
tracing                            ^0.1.44   0.1.44   up to date
unicode-bidi                       ^0.3.18   0.3.18   up to date
unicode-script                     ^0.5      0.5.8    up to date
url                                ^2.5      2.5.8    up to date
urlpattern                         ^0.3      0.6.0    out of date
uuid                               ^1.23.1   1.23.4   up to date
web_atoms                          ^0.2.4    0.2.5    up to date
webdriver                          ^0.53.0   0.54.0   out of date
servo-webgpu-traits                =0.3.0    0.3.0    up to date
webrender_api                      ^0.68     0.69.0   out of date
servo-webxr-api                    =0.3.0    0.3.0    up to date
wgpu-core                          ^29       29.0.3   up to date
wgpu-types                         ^29       29.0.3   up to date
x25519-dalek                       ^2.0.1    2.0.1    up to date
xml5ever                           ^0.39     0.39.0   up to date
servo-xpath                        =0.3.0    0.3.0    up to date
zeroize                            ^1.8      1.9.0    up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

On Unix-like operating systems the affected functions may dereference a dangling pointer and segfault. The trigger is an environment variable being set from a different thread while the affected functions run; this can happen without the application author's knowledge, for example inside a third-party library that sets an environment variable.

Workarounds

No workarounds are known.

rsa: Marvin Attack: potential key recovery through timing sidechannels

RUSTSEC-2023-0071

Impact

Because the implementation is not constant-time, the private key influences the timing of operations in a way that is observable over the network. An attacker may be able to use those timing measurements to recover the key.

Patches

No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

Workarounds

The only currently available workaround is to avoid using the rsa crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

References

This vulnerability was discovered as part of the "Marvin Attack", which revealed that several implementations of RSA, including OpenSSL, had not properly mitigated timing side-channel attacks.
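The practical consequence for a consumer of this dependency tree is a policy decision: the `rsa` advisory has no patched release to move to, so it either blocks the build or is recorded as accepted risk with a reason, while the "maybe insecure" crates are closed off by raising the minimum required version. The fragment below is an added example of how to record that decision for cargo-deny, not anything from the servo-script project; it assumes cargo-deny's version 2 advisories configuration (which accepts `id`/`reason` entries in `ignore`) and uses `time` 0.3.47, the patched release named in the `time` advisory on this page, as the version to pin. The reason string is a placeholder that must be replaced with the real justification for the deployment in question, because whether `rsa` runs where an attacker can observe timing is exactly the question the workaround above leaves to the integrator.

```toml
# deny.toml (added example, not from the project): fail `cargo deny check advisories`
# on every advisory except the one that is explicitly accepted with a reason.
[advisories]
version = 2
yanked = "deny"
ignore = [
    # RUSTSEC-2023-0071: rsa 0.9.10 is the latest release and no constant-time
    # fix has shipped. Placeholder justification; replace with the real one and
    # revisit whenever the advisory database or the rsa crate is updated.
    { id = "RUSTSEC-2023-0071", reason = "no patched rsa release; RSA operations here are assumed not attacker-timeable" },
]

# Cargo.toml (added example): close the "maybe insecure" range for `time` by
# requiring at least the release the advisory names as patched.
[dependencies]
time = "0.3.47"
```

Run `cargo deny check advisories` (or `cargo audit`) in CI so a later advisory against any of the 136 crates above fails the build rather than appearing only on this page.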

ml-dsa: Timing side-channel in ML-DSA decomposition

RUSTSEC-2025-0144

Summary

A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature.

Details

The analysis was performed with a constant-time analyzer that inspects compiled assembly for instructions whose execution time depends on their operand values. The analyzer flagged:

  • UDIV/SDIV (the AArch64 unsigned and signed integer divide instructions): hardware division has early-termination optimizations, so its latency varies with the operand values.

The decompose function used a hardware division instruction to compute r1.0 / TwoGamma2::U32. This function is called during signing through high_bits() and low_bits(), which process values derived from secret key components:

  • (&w - &cs2).low_bits() where cs2 is derived from secret key component s2
  • Hint::new() calls high_bits() on values derived from secret key component t0

Original Code:

fn decompose<TwoGamma2: Unsigned>(self) -> (Elem, Elem) {
    // ...
    let mut r1 = r_plus - r0;
    r1.0 /= TwoGamma2::U32;  // Variable-time division on secret-derived data
    (r1, r0)
}

Impact

The dividend (r1.0) is derived from secret key material. An attacker with precise timing measurements could extract information about the signing key by observing timing variations in the division operation.

Mitigation

Integer division was replaced with a constant-time Barrett reduction.
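To make the fix concrete, here is an added example (written for this page, not the ml-dsa crate's own code) of the Decompose step from FIPS 204 in both shapes: the straightforward version that uses `%` and `/` on secret-derived values, and a version in which those divides are replaced by Barrett reduction plus mask-based selection, which is the technique the mitigation names. The ML-DSA modulus and the two gamma2 values are from FIPS 204; the type and function names (`Barrett`, `decompose_vartime`, `decompose_ct`, `check_equivalence`) are this example's own. The only real division runs once, on the public divisor, when the Barrett parameters are built; the example assumes that a 64-bit multiply is constant-time on the target, the same assumption the advisory's analyzer makes when it flags only UDIV/SDIV.

```rust
/// ML-DSA modulus q = 2^23 - 2^13 + 1 (FIPS 204).
pub const Q: u32 = 8_380_417;
/// gamma2 is (q-1)/88 for ML-DSA-44 and (q-1)/32 for ML-DSA-65 and ML-DSA-87.
pub const GAMMA2_44: u32 = (Q - 1) / 88;
pub const GAMMA2_65_87: u32 = (Q - 1) / 32;

/// Decompose(r) per FIPS 204 Algorithm 36, written the obvious way. `%` and `/`
/// on secret-derived data compile to hardware divides whose latency depends on
/// the operand values: the pattern the advisory describes. Reference only.
/// Precondition: r < Q.
pub fn decompose_vartime(r: u32, gamma2: u32) -> (u32, i32) {
    let d = 2 * gamma2;
    let mut r0 = (r % d) as i32; // variable-time divide
    if r0 > gamma2 as i32 {
        r0 -= d as i32; // secret-dependent branch
    }
    let diff = (r as i32 - r0) as u32; // always a multiple of d
    if diff == Q - 1 {
        (0, r0 - 1)
    } else {
        (diff / d, r0) // variable-time divide
    }
}

/// Barrett parameters for a public divisor d < 2^31. The one real division
/// happens here, on public data, when the parameters are built.
pub struct Barrett {
    d: u32,
    m: u64, // floor(2^32 / d)
}

impl Barrett {
    pub fn new(d: u32) -> Self {
        assert!(d > 0 && d < (1u32 << 31));
        Barrett { d, m: (1u64 << 32) / d as u64 }
    }

    /// (x / d, x % d) via multiply, shift and a masked fixup; no divide
    /// instruction. Assumes 64-bit multiply is constant-time on the target.
    pub fn divrem(&self, x: u32) -> (u32, u32) {
        let quot = ((x as u64 * self.m) >> 32) as u32; // exact or one too small
        let r = x - quot * self.d;                      // so r is in [0, 2d)
        let borrow = r.wrapping_sub(self.d) >> 31;      // 1 iff r < d
        let mask = borrow.wrapping_sub(1);              // all ones iff r >= d
        (quot + (mask & 1), r - (mask & self.d))
    }
}

/// Constant-time Decompose: same outputs as `decompose_vartime`, with the
/// divides replaced by Barrett reduction and the branches by masks.
/// Preconditions: r < Q and b.d == 2 * gamma2.
pub fn decompose_ct(r: u32, gamma2: u32, b: &Barrett) -> (u32, i32) {
    debug_assert!(r < Q && b.d == 2 * gamma2);
    let (quot, rem) = b.divrem(r); // r = quot*d + rem, rem in [0, d)
    // Centred remainder: if rem > gamma2 then r0 = rem - d and r1 = quot + 1.
    let gt = gamma2.wrapping_sub(rem) >> 31; // 1 iff rem > gamma2
    let gt_mask = 0u32.wrapping_sub(gt);     // all ones iff rem > gamma2
    let r0 = rem.wrapping_sub(gt_mask & b.d) as i32;
    let r1 = quot + (gt_mask & 1);
    // Wrap-around case r - r0 == q - 1, i.e. r1 == (q-1)/d (a public constant):
    // r1 becomes 0 and r0 becomes r0 - 1.
    let top = (Q - 1) / b.d;
    let eq = (r1 ^ top).wrapping_sub(1) >> 31; // 1 iff r1 == top
    let eq_mask = 0u32.wrapping_sub(eq);
    (r1 & !eq_mask, r0 - eq as i32)
}

/// Checks that both implementations agree on every r in 0..Q stepping by
/// `stride` plus the boundary values, and that r == r1*2*gamma2 + r0 (mod q)
/// as FIPS 204 requires. Returns true when every case passes.
pub fn check_equivalence(gamma2: u32, stride: usize) -> bool {
    let d = 2 * gamma2;
    let b = Barrett::new(d);
    let edges = [0, 1, gamma2, gamma2 + 1, d - 1, d, Q - gamma2 - 1, Q - gamma2, Q - 2, Q - 1];
    (0..Q).step_by(stride).chain(edges).all(|r| {
        let got = decompose_ct(r, gamma2, &b);
        let (r1, r0) = got;
        let recon = (r1 as i64 * d as i64 + r0 as i64).rem_euclid(Q as i64) as u32;
        got == decompose_vartime(r, gamma2) && recon == r
    })
}

fn main() {
    for (name, gamma2) in [("ML-DSA-44", GAMMA2_44), ("ML-DSA-65/87", GAMMA2_65_87)] {
        println!("{name}: constant-time and reference Decompose agree: {}", check_equivalence(gamma2, 13));
    }
}
```

The Barrett quotient can be one too small (for x = q - 1 with the ML-DSA-44 divisor it is 43 rather than 44), which is why `divrem` keeps the masked fixup rather than trusting the multiply-and-shift alone; the equivalence check covers that boundary explicitly. Masks replace the two secret-dependent branches of the reference version, so the only remaining data-dependent operation is the multiply.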

time: Denial of Service via Stack Exhaustion

RUSTSEC-2026-0009

Impact

When user-provided input is parsed by any type that supports the RFC 2822 format, a denial of service via stack exhaustion is possible. The attack relies on formally deprecated and rarely used features of the RFC 2822 grammar, combined in a malicious way; ordinary, non-malicious input never triggers this condition.

Patches

A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.

Workarounds

Limiting the length of user input is the simplest way to avoid stack exhaustion, since the stack consumed is at most proportional to the length of the input.
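The advisory does not say which RFC 2822 construct is involved, and the example below is not the time crate's parser. It is an added illustration of the general shape and of both defences: RFC 2822 comments inside folding whitespace may nest (`(a (b) c)`), a recursive-descent parser spends one stack frame per nesting level, and unbounded input therefore means unbounded recursion. The bounded variant turns excessive nesting into an error, which is the kind of fix the advisory describes for 0.3.47, and the entry point applies the input-length cap from the workaround first, so that even the unbounded parser could not recurse deeper than the cap. The constants, the `CfwsError` type and the function names are this example's own; the sample inputs are constructed.

```rust
/// Nesting depth of `(` comments the bounded parser follows before giving up.
pub const MAX_COMMENT_DEPTH: usize = 32;
/// Input-length cap applied before parsing (the advisory's suggested workaround).
pub const MAX_INPUT_LEN: usize = 512;

#[derive(Debug, PartialEq)]
pub enum CfwsError {
    TooLong(usize),
    TooDeep,
    Unterminated,
}

/// Skips one comment starting at `s[i] == b'('` and returns the index just past
/// its closing `)`. Comments may contain nested comments and `\x` quoted-pairs
/// (RFC 2822 section 3.2.3). Each nesting level costs one stack frame and there
/// is no limit, so "((((...))))" of depth n costs n frames: the vulnerable shape.
pub fn skip_comment_unbounded(s: &[u8], mut i: usize) -> Result<usize, CfwsError> {
    i += 1;
    while i < s.len() {
        match s[i] {
            b'\\' => i += 2, // quoted-pair: the next byte is literal
            b'(' => i = skip_comment_unbounded(s, i)?,
            b')' => return Ok(i + 1),
            _ => i += 1,
        }
    }
    Err(CfwsError::Unterminated)
}

/// Same grammar, but refuses to recurse past MAX_COMMENT_DEPTH levels, so a
/// hostile input yields an error instead of exhausting the stack.
pub fn skip_comment_bounded(s: &[u8], mut i: usize, depth: usize) -> Result<usize, CfwsError> {
    if depth >= MAX_COMMENT_DEPTH {
        return Err(CfwsError::TooDeep);
    }
    i += 1;
    while i < s.len() {
        match s[i] {
            b'\\' => i += 2,
            b'(' => i = skip_comment_bounded(s, i, depth + 1)?,
            b')' => return Ok(i + 1),
            _ => i += 1,
        }
    }
    Err(CfwsError::Unterminated)
}

/// Strips leading CFWS (whitespace and comments) from `input` and returns the
/// remainder that a date-time parser would consume next. Both defences apply:
/// the length cap rejects oversized input before any parsing, and the bounded
/// comment parser rejects excessive nesting within the cap.
pub fn strip_cfws(input: &str) -> Result<&str, CfwsError> {
    if input.len() > MAX_INPUT_LEN {
        return Err(CfwsError::TooLong(input.len()));
    }
    let s = input.as_bytes();
    let mut i = 0;
    while i < s.len() {
        match s[i] {
            b' ' | b'\t' | b'\r' | b'\n' => i += 1,
            b'(' => i = skip_comment_bounded(s, i, 0)?,
            _ => break,
        }
    }
    // `i` always sits after an ASCII byte here, so the slice is on a char boundary.
    Ok(&input[i..])
}

fn main() {
    // Constructed inputs: a benign header with nested comments, a hostile one.
    let benign = "  (a (b \\) c) d) Tue, 1 Jan 2025 00:00:00 +0000";
    let deep = format!("{}{}", "(".repeat(100), ")".repeat(100));
    println!("{:?}", strip_cfws(benign));
    println!("{:?}", strip_cfws(&deep));
    println!("{:?}", strip_cfws(&"(".repeat(MAX_INPUT_LEN + 1)));
}
```

The depth limit is the real fix, because it bounds recursion regardless of how the caller sizes its buffers; the length cap is cheap defence in depth and is what the workaround paragraph above recommends for versions before the fix, since a parser that recurses at most once per input byte cannot outgrow a stack sized for MAX_INPUT_LEN frames.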