9527 matches found
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...
DEBIAN-CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...
CVE-2023-43669
The CVE-2023-43669 issue affects the Tungstenite crate for Rust up to version 0.20.0, where an excessively long HTTP header in a client handshake can cause high CPU usage and denial of service. Affected projects using tungstenite (and dependent crates like tokio-tungstenite) are exposed to potent...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...
Important: ecs-service-connect-agent
Issue Overview: Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issu...
CVE-2023-42447
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
Design/Logic Flaw
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
CVE-2023-42447 blurhash panics on parsing crafted inputs
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on...
CVE-2023-42447
CVE-2023-42447 affects blurhash-rs, a Rust implementation of Blurhash. The vulnerability arises in the 0.1.1 parsing code, which may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input (including UTF-8 multi-byte characters) fed over the network. In practice, this could ...
CVE-2023-42444
CVE-2023-42444 affects the phonenumber Rust library. The vulnerability is a panic caused by a panic-guarded out-of-bounds access on the phonenumber string when processing crafted inputs (notably the string .;phone-context=) in parsing code. Affected versions are prior to 0.3.3+8.13.9 and 0.2.5+8....
CVE-2023-42444 phonenumber panics on parsing crafted RF3966 inputs
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions 0.3.3+8.13.9 and 0.2.5+8.11.3, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber,...
Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign
Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor...
RUSTSEC-2023-0082 phonenumber: panic on parsing crafted RF3966 phonenumber inputs
Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...
phonenumber: panic on parsing crafted RF3966 phonenumber inputs
Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...
blurhash-rs security vulnerability
blurhash-rs is a pure Rust implementation of Blurhash. A security vulnerability exists in blurhash-rs version 0.1.1: multiple panic-guarded out-of-bounds accesses on untrusted input may cause a panic in the blurhash parsing code...
Fedora: Security Advisory for rust-pythonize (FEDORA-2023-c0696d7b53)
The remote host is missing an update for the...
Rust Implant Used in New Malware Campaign Against Azerbaijan
By Waqas. Key findings: Organizations should take steps to protect themselves from this campaign by keeping software up to date,… This is a post from HackRead.com. Read the original post: Rust Implant Used in New Malware Campaign Against Azerbaijan...
[SECURITY] Fedora 37 Update: rust-pythonize-0.19.0-1.fc37
Serde Serializer & Deserializer from Rust <--> Python, backed by PyO3...
Fedora 37 : matrix-synapse / python-matrix-common / rust-pythonize (2023-c0696d7b53)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-c0696d7b53 advisory. Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323. Tenable has extracted the preceding description block directly from the Fedor...