CVE-2024-43402
Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...
CVE-2024-43402 Rust OS Command Injection/Argument Injection vulnerability
Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...
CVE-2024-43402
CVE-2024-43402 describes a Rust vulnerability in how Windows batch file names with trailing spaces or periods could bypass the existing mitigation for CVE-2024-24576. The issue arises from how the original fix checked for .bat/.cmd endings, failing to account for Windows normalizing trailing whit...
foxear (=0.1.0), pressurize (>=0.0.1 <=0.1.0) potentially affected by unknown CVE via bcc (>=0.0.31 <=0.0.32)
bcc CARGO version =0.0.31, =0.0.1, =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0383...
bitcoin (>=0.4.2 <=0.18.2), bitcoin-amount (>=0.1.3 <=0.1.4) +23 more potentially affected by unknown CVE via strason (>=0.3.4 <=0.4.0)
strason CARGO version =0.3.4, =0.4.2, =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0386...
aquatic_common (=0.2.0), core-allocator (>=0.1.0 <=0.1.6) +16 more potentially affected by unknown CVE via hwloc (>=0.3.0 <=0.5.0)
hwloc CARGO version =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.6, =5.0.0, =5.0.0, =0.1.1, =0.11.0, =5.0.0, =6.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0382...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Rust prior to 1.81.0 that stems from a fix that can be bypassed when a batch file name has trailing spaces or periods...
GHSA-P2Q9-36VW-C468 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. "It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through...
PT-2024-40386 · Olm-Rs +3
Name of the Vulnerable Software and Affected Versions: olm-sys (affected versions not specified), olm-rs (affected versions not specified). Description: The Matrix Foundation has officially deprecated the libolm library due to several publicly disclosed cryptographic vulnerabilities. As a result,...
CVE-2024-45311
The CVE describes a DoS vulnerability in Quinn’s quinn-proto (v0.11) where calling retry() on an unvalidated connection can cause a panic in certain code paths (e.g., when refute/ignore on the validated connection have a duplicate initial packet, or when decrypting/exhausting connection IDs fails...
RUSTSEC-2024-0368 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
Quinn security vulnerability
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol from the quinn-rs open-source project. A security vulnerability exists in Quinn versions 0.11.0 through 0.11.6. An attacker could exploit this vulnerability to cause a denial of service in an application...
AeP (>=0.1.0 <=0.1.3), AskAI (=0.1.0) +11807 more potentially affected by unknown CVE via proc-macro-error (>=0.2.6 <=1.0.4)
proc-macro-error CARGO version =0.2.6, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.13.2, =0.13.4 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0370...
AitSar (=0.1.1), Boa (>=0.11.0 <=0.13.1) +9727 more potentially affected by unknown CVE via instant (>=0.1.13 <=0.1.9)
instant CARGO version =0.1.13, =0.11.0, =0.1.0-beta.1, =0.1.1, =0.1.0, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0384...