CVE-2024-58253: In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that...

2.9 CVSS

Description

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.

Classification

CVE ID: CVE-2024-58253

CVSS Base Severity: LOW

CVSS Base Score: 2.9

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem Types

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

Affected Products

Vendor: CasualX

Product: obfstr

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.33% (scored less or equal to compared to others)

EPSS Date: 2025-05-31 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-58253
https://github.com/CasualX/obfstr/issues/60
https://github.com/CasualX/obfstr/compare/v0.4.3...v0.4.4

Timeline

2025-05-02 20:40:11 UTC
CVE

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that...
2025-05-05 18:15:15 UTC
Github Advisory Database (Rust)

[obfstr] obfstr Type Confusion vulnerability