9528 matches found
[SECURITY] Fedora 38 Update: rust-routinator-0.13.2-1.fc38
An RPKI relying party software...
Fedora 39 : rust-routinator (2024-1f5908a311)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1f5908a311 advisory. From changelog: Fix the RTR listener so that Routinator won't exit if an incoming RTR connection is closed again too quickly. 937, reported by Yohei Nishimura...
Fedora 38 : rust-routinator (2024-28a151028a)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-28a151028a advisory. From changelog: Fix the RTR listener so that Routinator won't exit if an incoming RTR connection is closed again too quickly. 937, reported by Yohei Nishimura...
PT-2024-6681 · Mongodb · Mongodb Rust Driver
Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions prior to 2.8.2. Description: The issue is related to incorrect handling of syntactically incorrect structures, which may result in the construction of unintended server commands. This could lead to unexpected...
ardaku (=0.1.0), argon (=0.1.0) +11 more potentially affected by CVE-2024-28123 via wasmi (>=0.19.0 <=0.30.0)
wasmi CARGO version =0.19.0, =0.4.0, =0.2.3, =0.2.3, =0.2.3, =0.1.0, =0.30.0 - wright =0.7.0 Source cves: CVE-2024-28123 Source advisory: OSV:GHSA-75JP-VQ8X-H4CQ...
CVE-2024-28101
CVE-2024-28101 concerns the Apollo Router (Rust) and affects versions 0.9.5 through 1.40.2. The vulnerability arises when handling compressed HTTP payloads: after decompression, the router evaluates limits.http_max_request_bytes, which can lead to significant memory consumption if highly compress...
CVE-2024-28101 Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the...
CVE-2024-27308
Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...
Design/Logic Flaw
Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...
CVE-2024-27308
CVE-2024-27308 affects the Mio Rust library (Windows named pipes). Vulnerable are Mio versions 0.7.2 through 0.8.10; fixed in 0.8.11. The issue is that, in certain cases, tokens for named pipes can refer to deregistered pipes, which can lead to use-after-free scenarios, especially if applications...
CVE-2024-27308 Mio's tokens for named pipes may be delivered after deregistration
Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some...
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Impact: The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Route...
GHSA-CGQF-3CQ5-WVCJ Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Impact: The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Route...
*const c_void / ExternalPointer unsoundness leading to use-after-free
Summary: Use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Details: *const c_void and ExternalPointer (defined via external! macros) types are used to represent v8::External wrapping arbitrary void...
GHSA-3J27-563V-28WF *const c_void / ExternalPointer unsoundness leading to use-after-free
Summary: Use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Details: *const c_void and ExternalPointer (defined via external! macros) types are used to represent v8::External wrapping arbitrary void...
Mio Security Breach
Mio is the Metal I/O library for Rust. A security vulnerability exists in Mio versions v0.7.2 through versions prior to v0.8.11, which stems from the return of invalid tokens under certain circumstances, potentially leading to use-after-free...
aide (>=0.1.0 <=0.4.3), bpxe (>=0.1.0 <=0.1.2) +38 more potentially affected by unknown CVE via linkme (>=0.1.6 <=0.2.10)
linkme CARGO version =0.1.6, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2-alpha, =0.0.2-alpha, =0.0.4-alpha and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0407...
ashpd (>=0.2.0 <=0.4.0-alpha.4) potentially affected by unknown CVE via gdkx11 (>=0.14.0 <=0.17.0)
gdkx11 CARGO version =0.14.0, =0.2.0, =0.4.0-alpha.4 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0417...
UWUWUW (>=0.13.2 <=0.13.4), ashpd (>=0.2.0 <=0.4.0-alpha.4) +65 more potentially affected by unknown CVE via gdkx11-sys (>=0.10.0 <=0.18.2)
gdkx11-sys CARGO version =0.10.0, =0.13.2, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.3.0, =0.1.0, =0.4.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0414...