9528 matches found
UBUNTU-CVE-2024-47763
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-47763
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
CVE-2024-47763
The CVE-2024-47763 issue affects Wasmtime’s WebAssembly runtime, where tail-call support combined with stack traces can trigger a crash. Root cause: when a WebAssembly function uses return_call/return_call_indirect/return_call_ref to a host function that captures a stack trace, the stack-walking ...
CVE-2024-47763 Wasmtime runtime crash when combining tail calls with trapping imports
Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...
GHSA-PFR9-2P92-QRHQ Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...
The vulnerability of the MongoDB Rust Driver’s database management system driver lies in its improper handling of syntactically incorrect structures, allowing attackers to execute arbitrary commands.
The vulnerability of the MongoDB Rust Driver driver is related to the improper handling of syntaxically incorrect structures. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
ABC_Game_Engine (>=0.1.0 <=0.1.2), AgRV2K_PAC (>=0.1.0 <=0.1.1) +8837 more potentially affected by unknown CVE via paste (>=0.1.18 <=1.0.8)
paste CARGO version =0.1.18, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.15 - aa2nucaln =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0436...
Heap Buffer overflow using c_chars_to_str function
The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...
apollo-gateway-rs (>=0.7.5 <=0.7.6), aqlgen (>=0.1.0 <=0.8.0) +83 more potentially affected by CVE-2024-47614 via async-graphql (>=1.13.4 <=6.0.11)
async-graphql CARGO version =1.13.4, =0.7.5, =0.1.0, =0.1.0, =0.1.0, =0.0.1-alpha+3, =0.1.0, =2.9.13, =4.0.3, =0.1.0-beta.0, =2.9.12, =0.2.0, =1.14.10, =0.1.0, =0.4.4 and more Source cves: CVE-2024-47614 Source advisory: OSV:GHSA-5GC2-7C65-8FQ8...
CVE-2024-47614
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
CVE-2024-47614
The CVE-2024-47614 issue affects the Rust GraphQL server library async-graphql prior to version 7.0.10 . The vulnerability arises because it does not limit the number of directives for a field, which can lead to Service Disruption , Resource Exhaustion , and degraded User Experience . Affected so...
CVE-2024-47614 async-graphql vulnerable to Directive Overload
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
CVE-2024-47614 async-graphql vulnerable to Directive Overload
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in...
Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 68%
Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the percentage of memory-safe vulnerabilities discovered in Android dropping from 76% to 24% over a period of six years. The tech giant said focusing on Safe Coding fo...
Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool
Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration...
AeP (>=0.1.0 <=0.1.3), ApacheLogAnonymizer (>=0.1.0 <=0.1.1) +24249 more potentially affected by unknown CVE via atty (>=0.1.2 <=0.2.14)
atty CARGO version =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.4 - IMAPServer =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0375...
`atty` is unmaintained
The maintainer of atty has published an official notice that the crate is no longer under development, and that users should instead rely on the functionality in the standard library's IsTerminal trait. Alternatives - std::io::IsTerminal - Stable since Rust 1.70.0 and the recommended replacement...