Low severity2.9NVD Advisory· Published May 2, 2025· Updated Apr 15, 2026

CVE-2024-58253

Description

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
obfstrcrates.io	< 0.4.4	0.4.4

Patches

5431a54f8bcd

https://github.com/CasualX/obfstrvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-v2p5-q653-9j99ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-58253ghsaADVISORY
github.com/CasualX/obfstr/compare/v0.4.3...v0.4.4nvdWEB
github.com/CasualX/obfstr/issues/60nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.189
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000