CVE-2024-58253: obfstr Type Confusion vulnerability

May 2, 2025 (updated May 5, 2025)

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.

References

github.com/CasualX/obfstr
github.com/CasualX/obfstr/compare/v0.4.3...v0.4.4
github.com/CasualX/obfstr/issues/60
github.com/advisories/GHSA-v2p5-q653-9j99
nvd.nist.gov/vuln/detail/CVE-2024-58253

Code Behaviors & Features

Detect and mitigate CVE-2024-58253 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →