
9527 matches found

OSV
added 2023/06/21 9:30 p.m., 20 views

GHSA-FQHP-RHM6-8RRJ Withdrawn Advisory: urlnorm vulnerable to Regular Expression Denial of Service

Withdrawn Advisory: This advisory has been withdrawn because the security impact of the slow printing of URLs has been disputed. This link is maintained to preserve external references. Original Description: The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos)...

7.5 CVSS, 7.4 AI score, 0.01212 EPSS
Exploits: 1, References: 5
OSV
added 2023/06/21 8:15 p.m., 4 views

CVE-2023-33289

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...

7.5 CVSS, 5.8 AI score, 0.01212 EPSS
Exploits: 1, References: 4
NVD
added 2023/06/21 8:15 p.m., 12 views

CVE-2023-33289

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...

7.5 CVSS, 7.4 AI score, 0.01212 EPSS
Exploits: 1, References: 4
Prion
added 2023/06/21 8:15 p.m., 13 views

Code injection

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs...

5 CVSS, 7.4 AI score, 0.01212 EPSS
Exploits: 1, References: 3, Affected Software: 1
vulnersOsv
added 2023/06/21 12:0 p.m., 3 views

GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +4089 more potentially affected by unknown CVE via memoffset (>=0.1.0 <=0.5.6)

memoffset CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.8.0, =0.4.0, =0.5.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0045...

5.5 AI score
Exploits: 0
RustSec
added 2023/06/21 12:0 p.m., 26 views

memoffset allows reading uninitialized memory

memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::size_of may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::align_of. Older implementati...

6.9 AI score
Exploits: 0, Affected Software: 1
Vulnrichment
added 2023/06/21 12:0 a.m., 8 views

CVE-2023-33289

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...

7.4 AI score, 0.01212 EPSS
Exploits: 1, References: 4
CVE
added 2023/06/21 12:0 a.m., 46 views

CVE-2023-33289

The CVE-2023-33289 entry concerns the Rust crate urlnorm (version up to 0.1.4). A Regular Expression Denial of Service (ReDoS) is described when processing a crafted URL in lib.rs. Reported CVSS v3.1 base metrics indicate Network attack vector, low attack complexity, no privileges required, and a...

7.5 CVSS, 7.4 AI score, 0.01212 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2023/06/21 12:0 a.m., 27 views

CVE-2023-33289

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...

7.6 AI score, 0.01212 EPSS
Exploits: 1, References: 4
vulnersOsv
added 2023/06/20 12:0 p.m., 4 views

bitcoin-harness (=0.1.0), bitcoin_rpc_client (>=0.5.0 <=0.6.1) +79 more potentially affected by CVE-2023-53159 via openssl (>=0.10.22 <=0.10.52)

openssl CARGO version =0.10.22, =0.5.0, =0.2.0, =0.0.0, =0.0.1, =0.3.3, =0.6.25, =0.1.0-alpha.0, =0.1.24, =0.37.0, =0.4.0, =0.37.0, =0.37.0, =0.38.0 and more Source cves: CVE-2023-53159 Source advisory: OSV:RUSTSEC-2023-0044...

9.1 CVSS, 5.4 AI score, 0.00315 EPSS
Exploits: 1
BDU FSTEC
added 2023/06/20 12:0 a.m., 3 views

A vulnerability in the Rust HTTP library Hyper, related to unrestricted resource allocation, allows attackers to cause a denial of service.

A vulnerability in the Rust HTTP library Hyper is related to unrestricted resource allocation. Exploiting this vulnerability could allow a remote attacker to cause a denial of service...

7.8 CVSS, 7.2 AI score, 0.01111 EPSS
Exploits: 1, References: 6, Affected Software: 4
NVD
added 2023/06/14 9:15 p.m., 11 views

CVE-2023-34449

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

5.3 CVSS, 5.3 AI score, 0.00967 EPSS
Exploits: 1, References: 5
Prion
added 2023/06/14 9:15 p.m., 17 views

Design/Logic Flaw

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

5 CVSS, 5.3 AI score, 0.00967 EPSS
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2023/06/14 8:10 p.m., 13 views

CVE-2023-34449 ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...

5.3 CVSS, 5.4 AI score, 0.00967 EPSS
Exploits: 1, References: 7
CVE
added 2023/06/14 8:10 p.m., 66 views

CVE-2023-34449

The CVE-2023-34449 issue affects ink! (Rust-based eDSL for Substrate). Affected versions are 4.0.0 up to, but not including, 4.2.1; the bug arises from incorrect decoding of the return value when using delegate call mechanics via CallBuilder::delegate or ink_env::invoke_contract_delegate. The roo...

5.3 CVSS, 5.2 AI score, 0.00967 EPSS
Exploits: 1, References: 5, Affected Software: 1
GitHub Security Blog
added 2023/06/12 6:52 p.m., 9 views

Ouroboros is Unsound

In 0.15.0 and prior, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid during the entire execution of the function, even when those references are passed inside a...

6.8 AI score
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2023/06/12 6:52 p.m., 12 views

GHSA-87MF-9WG6-PPF8 Ouroboros is Unsound

In 0.15.0 and prior, Ouroboros works internally by creating a struct where all uses of 'this are replaced by 'static. However, a recent addition to Miri checks that references passed to functions are valid during the entire execution of the function, even when those references are passed inside a...

7 AI score
Exploits: 0, References: 3
GitHub Security Blog
added 2023/06/12 3:30 p.m., 25 views

git-url-parse crate vulnerable to Regular Expression Denial of Service

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 (Python)...

7.5 CVSS, 6.7 AI score, 0.00758 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2023/06/12 3:30 p.m., 23 views

GHSA-QFH9-8P57-MJJJ git-url-parse crate vulnerable to Regular Expression Denial of Service

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 (Python)...

7.5 CVSS, 7.3 AI score, 0.00758 EPSS
Exploits: 1, References: 4
ATTACKERKB
added 2023/06/12 1:15 p.m., 2 views

CVE-2023-33290

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalizeurl in lib.rs, a similar issue to CVE-2023-32758 (Python)...

7.5 CVSS, 5.8 AI score, 0.01033 EPSS
Exploits: 1, References: 3