9528 matches found
CVE-2024-43783
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 (external coprocessing) or >=1.7.0 (native Rust plugins), and <1.52.1, are impacted by a denial-of-service vulnerability if all of the...
GHSA-X6XQ-WHH3-GG32 Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
Impact: Instances of the Apollo Router using either of the following may be impacted by a denial-of-service vulnerability: 1. External Coprocessing with specific configurations; or 2. Native Rust Plugins accessing the Router request body in the RouterService layer. Router customizations using Rhai...
CVE-2024-43783 Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 (external coprocessing) or >=1.7.0 (native Rust plugins), and <1.52.1, are impacted by a denial-of-service vulnerability if all of the...
CVE-2024-43783
The CVE affects Apollo Router Core. If using External Coprocessing, versions 1.21.x–1.52.0 with router.request.body enabled can load entire HTTP request bodies into memory, risking OOM. If using a Native Rust Plugin, versions 1.7.0–1.51.x that access Request.router_request and accumulate the body...
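The failure mode in the Apollo Router entries above is a hook that drains a streamed request body into memory with no cap. The following is an added example, not Apollo Router or coprocessor code: it shows the unbounded accumulation pattern beside a bounded one that stops before the limit is crossed. The function names, the error type, the 4 KiB limit and the chunk stream are hypothetical and constructed here.

```rust
// Added example, not Apollo Router code: the accumulation pattern behind
// CVE-2024-43783, unbounded versus bounded. The names and the 4 KiB limit are
// hypothetical; the chunk stream is constructed inline.

#[derive(Debug, PartialEq)]
pub enum BodyError {
    /// The body would exceed `limit` bytes; `seen` is the size at which we stopped.
    TooLarge { limit: usize, seen: usize },
}

/// Vulnerable shape: a plugin or coprocessor hook that drains the router request
/// body into one Vec. Memory use is whatever the client chooses to send.
pub fn collect_body_unbounded<I>(chunks: I) -> Vec<u8>
where
    I: IntoIterator<Item = Vec<u8>>,
{
    let mut body = Vec::new();
    for chunk in chunks {
        body.extend_from_slice(&chunk);
    }
    body
}

/// Hardened shape: reject a Content-Length hint above the limit before
/// allocating, cap the preallocation at the limit so a lying header cannot force
/// a huge up-front reservation, and stop as soon as the running total would pass
/// the limit, before the offending chunk is copied.
pub fn collect_body_bounded<I>(
    chunks: I,
    limit: usize,
    content_length_hint: Option<usize>,
) -> Result<Vec<u8>, BodyError>
where
    I: IntoIterator<Item = Vec<u8>>,
{
    if let Some(declared) = content_length_hint {
        if declared > limit {
            return Err(BodyError::TooLarge { limit, seen: declared });
        }
    }
    let mut body = Vec::with_capacity(content_length_hint.unwrap_or(0).min(limit));
    let mut seen = 0usize;
    for chunk in chunks {
        // checked_add: an absurd chunk size must not wrap the counter back under the limit
        seen = seen
            .checked_add(chunk.len())
            .ok_or(BodyError::TooLarge { limit, seen: usize::MAX })?;
        if seen > limit {
            return Err(BodyError::TooLarge { limit, seen });
        }
        body.extend_from_slice(&chunk);
    }
    Ok(body)
}

/// Constructed sample: `n` chunks of `size` bytes, as a streaming client would send.
pub fn sample_chunks(n: usize, size: usize) -> Vec<Vec<u8>> {
    (0..n).map(|i| vec![i as u8; size]).collect()
}

fn main() {
    let limit = 4096; // hypothetical per-request cap
    let unbounded = collect_body_unbounded(sample_chunks(5, 1024));
    println!("unbounded: {} bytes buffered", unbounded.len());
    match collect_body_bounded(sample_chunks(5, 1024), limit, None) {
        Ok(body) => println!("bounded: accepted {} bytes", body.len()),
        Err(BodyError::TooLarge { limit, seen }) => {
            println!("bounded: rejected at {seen} bytes (limit {limit})")
        }
    }
}
```

The point of checking the running total before `extend_from_slice` is that the rejection happens at the limit, not after the whole body has been copied; checking only the Content-Length hint is not enough because chunked and streamed bodies carry no trustworthy length up front.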
AZL-48304 CVE-2024-43806 affecting package rust for versions less than 1.72.0-9
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir with the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
anchor-token (>=0.0.1 <=0.3.0-alpha.1), astro4nit (=0.0.1) +60 more potentially affected by unknown CVE via cw0 (>=0.10.3 <=0.9.1)
cw0 CARGO version =0.10.3, =0.0.1, =0.3.1, =2.5.2, =0.1.0, =0.3.0, =0.4.0, =0.4.0, =0.2.0, =0.2.0, =0.6.0, =0.6.0, =0.2.0, =0.2.1, =0.10.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0385...
openSUSE 15 Security Update : chromium, gn, rust-bindgen (openSUSE-SU-2024:0254-2)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0254-2 advisory. - Chromium 127.0.6533.119 boo1228941 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7533: Use after free in Sharing CVE-2024-7550:...
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...
Security update for chromium, gn, rust-bindgen (important)
openSUSE Security Update: Security update for chromium, gn, rust-bindgen Announcement ID: openSUSE-SU-2024:0254-2 Rating: important References: 1228628 1228940 1228941 1228942 Cross-References: CVE-2024-6988 CVE-2024-6989 CVE-2024-6990 CVE-2024-6991 CVE-2024-6992 CVE-2024-6993 CVE-2024-6994...
PT-2024-31475 · Unknown +1 · Matrix Libolm +1
Name of the Vulnerable Software and Affected Versions: Matrix libolm versions through 3.2.16 Description: An issue was discovered in Matrix libolm, where cache-timing attacks can occur due to the use of base64 when decoding group session keys. This vulnerability only affects products that are no...
Russh security vulnerability
Russh is an SSH client and server library for Rust from the individual developer Eugene. A security vulnerability exists in Russh that stems from allocating an untrusted amount of memory...
GHSA-XMRP-424F-VFPX SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...
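Both the Diesel and the SQLx entries describe the same root cause: a length that does not fit in the protocol's 32-bit prefix is cast with `as u32`, the high bits are dropped, and the server re-parses the tail of the oversized value as fresh protocol frames. The following is an added example, not Diesel or SQLx code, written to serve both entries. The frame format (big-endian u32 length followed by payload), the function names and the smuggled bytes are hypothetical stand-ins for the real MySQL and PostgreSQL wire formats, and the 4 GiB parameter is modelled rather than allocated.

```rust
// Added example, not Diesel or SQLx code: why a truncating cast on a length
// prefix lets one oversized parameter be re-parsed as extra protocol frames.
// The frame format (big-endian u32 length, then payload) and all names are
// hypothetical stand-ins for the real MySQL/PostgreSQL wire formats.
use std::convert::TryFrom;

pub const GIB: usize = 1 << 30;

#[derive(Debug, PartialEq)]
pub struct Frame<'a> {
    pub declared: u32,
    pub payload: &'a [u8],
}

/// Vulnerable encoder shape: `len as u32` silently keeps only the low 32 bits,
/// so 4 GiB + 5 bytes is announced as 5 bytes.
pub fn prefix_truncating(len: usize) -> u32 {
    len as u32
}

/// Hardened encoder: refuse any value whose length does not fit the prefix.
pub fn prefix_checked(len: usize) -> Result<u32, String> {
    u32::try_from(len).map_err(|_| format!("{len} bytes does not fit a u32 length prefix"))
}

pub fn write_frame(out: &mut Vec<u8>, declared: u32, payload: &[u8]) {
    out.extend_from_slice(&declared.to_be_bytes());
    out.extend_from_slice(payload);
}

/// Server-side parser that trusts the prefixes: it splits the stream wherever
/// they say a frame ends, which is exactly what the attack relies on.
pub fn parse_frames(mut buf: &[u8]) -> Vec<Frame<'_>> {
    let mut frames = Vec::new();
    while buf.len() >= 4 {
        let declared = u32::from_be_bytes([buf[0], buf[1], buf[2], buf[3]]);
        let n = (declared as usize).min(buf.len() - 4);
        frames.push(Frame { declared, payload: &buf[4..4 + n] });
        buf = &buf[4 + n..];
    }
    frames
}

/// Constructed model of the smuggled stream. The client intended to send one
/// parameter of 4 GiB + 5 bytes; the vulnerable encoder announces it as 5. We
/// cannot allocate 4 GiB here, so the buffer holds only the bytes that matter:
/// the truncated prefix, the 5 bytes the server treats as the whole parameter,
/// and the attacker-chosen bytes that sat inside the parameter right after them,
/// which the server now reads as a brand-new frame.
pub fn smuggled_stream() -> Vec<u8> {
    let oversized_len = 4 * GIB + 5;
    let declared = prefix_truncating(oversized_len); // == 5
    let mut wire = Vec::new();
    write_frame(&mut wire, declared, b"hello");
    let smuggled = b"SELECT 1 -- smuggled";
    write_frame(&mut wire, prefix_checked(smuggled.len()).unwrap(), smuggled);
    wire
}

fn main() {
    println!("4 GiB + 5 announced as {} bytes", prefix_truncating(4 * GIB + 5));
    println!("checked encoder says: {:?}", prefix_checked(4 * GIB + 5));
    let wire = smuggled_stream();
    for (i, f) in parse_frames(&wire).iter().enumerate() {
        println!(
            "frame {i}: declared={} payload={:?}",
            f.declared,
            String::from_utf8_lossy(f.payload)
        );
    }
}
```

The fix on the client side is the `try_from` form: the encoder must fail for any value the prefix cannot describe, instead of emitting a prefix that disagrees with the bytes that follow. A server-side parser has no way to tell the smuggled frame from a legitimate one, because on the wire they are identical.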
GHSA-RV9V-R4VM-GJ8X Miniscript allows stack consumption
The Miniscript aka rust-miniscript library for Rust allows stack consumption because it does not properly track tree depth...
CVE-2024-44073
The Miniscript aka rust-miniscript library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth...
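The Miniscript entries above describe a recursive parser that never bounds how deep the input's tree may go, so a sufficiently nested expression consumes the stack. The following is an added example, not rust-miniscript code: a recursive-descent parser for a toy `name(child, child, ...)` grammar that carries the depth as an explicit parameter and refuses input past a limit. The grammar, the limit value, the error type and the constructed inputs are hypothetical.

```rust
// Added example, not rust-miniscript code: a recursive-descent parser for a
// toy `name(child, child, ...)` grammar, the shape of CVE-2024-44073 with the
// missing depth check added. The grammar, the limit and all names are hypothetical.

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// Nesting went past `limit` levels; returned instead of overflowing the stack.
    TooDeep { limit: usize },
    Unexpected(usize),
    Eof,
}

struct Parser<'a> {
    src: &'a [u8],
    pos: usize,
}

fn is_ident_byte(b: u8) -> bool {
    b.is_ascii_alphanumeric() || b == b'_'
}

impl<'a> Parser<'a> {
    fn peek(&self) -> Option<u8> {
        self.src.get(self.pos).copied()
    }

    /// Parses one node at `depth` and returns the deepest level beneath it.
    /// The check at the top is the whole fix: every recursive call costs a stack
    /// frame, so the parser must bound `depth` itself rather than trust the input.
    fn node(&mut self, depth: usize, limit: usize) -> Result<usize, ParseError> {
        if depth > limit {
            return Err(ParseError::TooDeep { limit });
        }
        let start = self.pos;
        while self.peek().map_or(false, is_ident_byte) {
            self.pos += 1;
        }
        if self.pos == start {
            return Err(match self.peek() {
                Some(_) => ParseError::Unexpected(self.pos),
                None => ParseError::Eof,
            });
        }
        let mut deepest = depth;
        if self.peek() == Some(b'(') {
            self.pos += 1;
            loop {
                deepest = deepest.max(self.node(depth + 1, limit)?);
                match self.peek() {
                    Some(b',') => self.pos += 1,
                    Some(b')') => {
                        self.pos += 1;
                        break;
                    }
                    Some(_) => return Err(ParseError::Unexpected(self.pos)),
                    None => return Err(ParseError::Eof),
                }
            }
        }
        Ok(deepest)
    }
}

/// Parses `src` and returns its nesting depth, or an error. Passing
/// `usize::MAX` as `limit` reproduces the unbounded behaviour: a few hundred
/// thousand nested opening calls then overflow the stack instead of returning.
pub fn parse(src: &str, limit: usize) -> Result<usize, ParseError> {
    let mut p = Parser { src: src.as_bytes(), pos: 0 };
    let depth = p.node(1, limit)?;
    if p.pos != p.src.len() {
        return Err(ParseError::Unexpected(p.pos));
    }
    Ok(depth)
}

/// Constructed input: `n` nested calls around a leaf, e.g. nested(2) == "f(f(x))".
pub fn nested(n: usize) -> String {
    format!("{}x{}", "f(".repeat(n), ")".repeat(n))
}

fn main() {
    const LIMIT: usize = 100; // hypothetical; size it to the stack you actually have
    println!("{:?}", parse("and_v(pk(a),older(144))", LIMIT));
    println!("{:?}", parse(&nested(50), LIMIT));
    println!("{:?}", parse(&nested(10_000), LIMIT));
}
```

The limit has to be chosen against the real per-frame stack cost of the parser, including any recursive passes that run on the tree afterwards (type checking, satisfaction, serialisation); a parser that is bounded but hands an arbitrarily deep tree to an unbounded consumer has only moved the crash.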