9528 matches found

NVD
added 2024/05/01 11:15 a.m., 24 views

CVE-2024-32984

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended ...

CVSS 7.5, AI score 7.4, EPSS 0.00761
Exploits: 0, References: 3

Vulnrichment
added 2024/05/01 10:45 a.m., 26 views

CVE-2024-32984 Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended ...

CVSS 7.5, AI score 6.7, EPSS 0.00761
Exploits: 0, References: 3

Cvelist
added 2024/05/01 10:45 a.m., 50 views

CVE-2024-32984 Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended ...

CVSS 7.5, AI score 7.6, EPSS 0.00761
Exploits: 0, References: 3

OSV
added 2024/05/01 10:45 a.m., 40 views

CVE-2024-32984 Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended ...

CVSS 7.5, AI score 7.5, EPSS 0.00761
Exploits: 0, References: 5

Tenable Nessus
added 2024/04/29 12:0 a.m., 10 views

Fedora 40 : rust-routinator (2024-d20ff4a09b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d20ff4a09b advisory. From changelog: Fix the RTR listener so that Routinator won't exit if an incoming RTR connection is closed again too quickly. 937, reported by Yohei Nishimura...

CVSS 7.5, AI score 7.4, EPSS 0.01004
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m., 24 views

Fedora 40 : rust (2024-ab4573fb3b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ab4573fb3b advisory. Security fix for CVE-2024-24576 Windows command injection Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 10, AI score 8.1, EPSS 0.20342
Exploits: 10, References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m., 28 views

Fedora 37 : rust (2023-19bcafe341)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-19bcafe341 advisory. Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the...

CVSS 5.9, AI score 5.8, EPSS 0.00649
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m., 7 views

Fedora 40 : rust-h2 (2024-f99ee6bf95)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f99ee6bf95 advisory. Update to version 0.3.26. Addresses RUSTSEC-2024-0332. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

AI score 5.6
Exploits: 0, References: 1

Tenable Nessus
added 2024/04/29 12:0 a.m., 22 views

Fedora 40 : rust-axum / rust-tokio-tungstenite / rust-tungstenite / rust-warp (2023-f81c1ab1e6)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f81c1ab1e6 advisory. - Update the axum crate to version 0.6.20. - Update the tokio-tungstenite crate to version 0.20.1. - Update the tungstenite crate to version 0.20.1. - Port...

CVSS 7.5, AI score 7.3, EPSS 0.0162
Exploits: 1, References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m., 37 views

Fedora 40 : firecracker / rust-aes-gcm (2023-377bc1b17c)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-377bc1b17c advisory. - Update the aes-gcm crate to version 0.10.3. Addresses CVE-2023-42811. - Rebuild dependent packages firecracker for aes-gcm v0.10.3...

CVSS 5.5, AI score 5.8, EPSS 0.00262
Exploits: 1, References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m., 22 views

Fedora 40 : rust-cargo / rust-cargo-c / rust-cargo-credential / etc (2023-6f419dc91b)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6f419dc91b advisory. - Update cargo-c to version 0.7.29+cargo-0.74.0. - Update the cargo crate to version 0.74.0. - Update cbindgen to version 0.26.0. - Add a compat package...

CVSS 6.1, AI score 6.2, EPSS 0.00846
Exploits: 0, References: 2

OSV
added 2024/04/26 6:15 p.m., 4 views

AZL-40264 CVE-2024-32884 affecting package rust for versions less than 1.72.0-8

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVSS 6.4, AI score 7.1, EPSS 0.00514
Exploits: 0, References: 1

NVD
added 2024/04/26 6:15 p.m., 8 views

CVE-2024-32884

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVSS 6.4, AI score 6.8, EPSS 0.00514
Exploits: 0, References: 2

OSV
added 2024/04/26 6:15 p.m., 8 views

AZL-40229 CVE-2024-32884 affecting package rust for versions less than 1.75.0-9

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVSS 6.4, AI score 7.1, EPSS 0.00514
Exploits: 0, References: 1

Cvelist
added 2024/04/26 6:4 p.m., 29 views

CVE-2024-32884 gix-transport indirect code execution via malicious username

gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clo...

CVSS 6.4, AI score 7, EPSS 0.00514
Exploits: 0, References: 2

CNNVD
added 2024/04/26 12:0 a.m., 1 views

gitoxide security vulnerability

gitoxide is a git implementation written in Rust by Sebastian Thiel, a solo developer. A security vulnerability exists in gitoxide because gix-transport does not check the username of the URL...

CVSS 6.4, AI score 6.8, EPSS 0.00514
Exploits: 0, References: 3

Fedora
added 2024/04/19 9:43 p.m., 32 views

[SECURITY] Fedora 40 Update: rust-1.77.2-1.fc40

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 10, AI score 7.3, EPSS 0.20342
Exploits: 10

Fedora
added 2024/04/19 9:41 p.m., 17 views

[SECURITY] Fedora 40 Update: rust-h2-0.3.26-1.fc40

An HTTP/2 client and server...

AI score 7.3
Exploits: 0

Debian CVE
added 2024/04/19 4:5 p.m., 17 views

CVE-2024-32650

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...

CVSS 7.5, AI score 7.3, EPSS 0.00949
Exploits: 0

Fedora
added 2024/04/19 2:53 a.m., 29 views

[SECURITY] Fedora 38 Update: rust-1.77.2-1.fc38

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

CVSS 10, AI score 7.3, EPSS 0.20342
Exploits: 10