
9526 matches found

Vulnrichment
added 2023/03/23 11:23 p.m., 10 views

CVE-2023-28445 Deno improperly handles resizable ArrayBuffer

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...

CVSS 9.9, AI score 9.4, EPSS 0.00971
Exploits 0, References 3
CVE
added 2023/03/23 11:23 p.m., 72 views

CVE-2023-28445

CVE-2023-28445 affects Deno (Rust-based runtime for JavaScript/TypeScript). The issue arises from resizing ArrayBuffers passed to asynchronous functions that are shrunk during the operation, potentially causing an out-of-bounds read/write. The only affected release is Deno 1.32.0; Deno Deploy is ...

CVSS 9.9, AI score 9.4, EPSS 0.00971
Exploits 0, References 3, Affected Software 3
OSV
added 2023/03/23 11:23 p.m., 25 views

CVE-2023-28445 Deno improperly handles resizable ArrayBuffer

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...

CVSS 9.9, AI score 8.8, EPSS 0.00971
Exploits 0, References 5
OSV
added 2023/03/22 5:15 p.m., 6 views

AZL-25709 CVE-2023-0464 affecting package rust for versions less than 1.68.0-1

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

CVSS 7.5, AI score 6.5, EPSS 0.03658
Exploits 0, References 1
OSV
added 2023/03/22 12:00 p.m., 10 views

RUSTSEC-2023-0032 Unsound FFI: Wrong API usage causes write past allocated area

The following usage causes undefined behavior: `let kp: ntru::types::KeyPair = …; kp.get_public().export(Default::default());` When compiled with debug assertions, the code above will trigger an "attempt to subtract with overflow" panic before UB occurs. Other mistakes, e.g. using EncParams from a differe...

AI score 7.2
Exploits 0, References 3
Tenable Nessus
added 2023/03/21 12:00 a.m., 26 views

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2023-109)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-109 advisory. 2024-02-15: CVE-2022-36113 was added to this advisory. 2024-02-15: CVE-2022-36114 was added to this advisory. Cargo is a package manager for the rust programming language. After a package is...

CVSS 8.1, AI score 7.5, EPSS 0.00817
Exploits 0, References 8
OSV
added 2023/03/20 9:11 p.m., 22 views

GHSA-PPJR-267J-5P9X NULL pointer dereference in `stb_image`

A bug in error handling in the stb_image C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stb_image Rust crate, by patching the C code to correctly handle NULL pointers...

AI score 7.1
Exploits 0, References 3
Github Security Blog
added 2023/03/20 9:11 p.m., 12 views

NULL pointer dereference in `stb_image`

A bug in error handling in the stb_image C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stb_image Rust crate, by patching the C code to correctly handle NULL pointers...

AI score 6.8
Exploits 0, References 3, Affected Software 1
RustSec
added 2023/03/19 12:00 p.m., 17 views

NULL pointer dereference in `stb_image`

A bug in error handling in the stb_image C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stb_image Rust crate, by patching the C code to correctly handle NULL pointers. Thank you to GitHub...

AI score 7.1
Exploits 0, Affected Software 1
OSV
added 2023/03/19 12:00 p.m., 8 views

RUSTSEC-2023-0021 NULL pointer dereference in `stb_image`

A bug in error handling in the stb_image C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the stb_image Rust crate, by patching the C code to correctly handle NULL pointers. Thank you to GitHub...

AI score 7.1
Exploits 0, References 3
CVE
added 2023/03/16 12:00 a.m., 80 views

CVE-2023-28113

Summary: The CVE-2023-28113 issue affects russh, a Rust SSH client/server library. The root cause is insufficient validation of Diffie-Hellman (DH) keys, allowing certain invalid DH public values (e, e

CVSS 5.9, AI score 5.5, EPSS 0.00617
Exploits 1, References 6, Affected Software 1
Cvelist
added 2023/03/16 12:00 a.m., 22 views

CVE-2023-28113 russh may use insecure Diffie-Hellman keys

russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...

CVSS 5.9, AI score 5.7, EPSS 0.00617
Exploits 1, References 6
vulnersOsv
added 2023/03/14 12:00 p.m., 4 views

cargo-generate (>=0.13.1 <=0.16.0), cargo-smart-release (>=0.1.0 <=0.2.4) +43 more potentially affected by unknown CVE via git-hash (>=0.10.3 <=0.9.11)

git-hash CARGO version =0.10.3, =0.13.1, =0.1.0, =0.2.11, =11.0.0, =0.12.11, =0.1.0, =0.1.0, =0.3.0, =0.2.0, =0.1.0, =0.1.0, =0.10.0, =0.1.0, =0.1.0, =0.4.3 - git-lock =0.0.0 and more. Source CVEs: unknown CVE. Source advisory: OSV:RUSTSEC-2023-0025...

AI score 5.8
Exploits 0
vulnersOsv
added 2023/03/12 12:00 p.m., 8 views

annatar (=0.6.1), aoer-plotty-rs (>=0.2.1 <=0.4.1) +118 more potentially affected by unknown CVE via const-cstr (>=0.1.0 <=0.3.0)

const-cstr CARGO version =0.1.0, =0.2.1, =0.3.6, =0.5.0, =0.1.0, =0.1.0, =0.11.0+8.3.2, =0.0.1, =1.0.0, =1.3.3 - capsicum =0.2.0 and more. Source CVEs: unknown CVE. Source advisory: OSV:RUSTSEC-2023-0020...

AI score 5.5
Exploits 0
OpenVAS
added 2023/03/12 12:00 a.m., 14 views

Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-c08ee112f6)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5, AI score 7.5, EPSS 0.01212
Exploits 1, References 2
OpenVAS
added 2023/03/12 12:00 a.m., 15 views

Fedora: Security Advisory for rust-sequoia-sq (FEDORA-2023-c08ee112f6)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5, AI score 7.5, EPSS 0.01212
Exploits 1, References 2
Fedora
added 2023/03/11 3:47 a.m., 21 views

[SECURITY] Fedora 38 Update: rust-sequoia-sq-0.26.0-5.fc38

Command-line frontends for Sequoia...

CVSS 7.5, AI score 7.5, EPSS 0.01212
Exploits 1
Fedora
added 2023/03/11 3:46 a.m., 27 views

[SECURITY] Fedora 38 Update: rust-sequoia-octopus-librnp-1.4.1-5.fc38

Reimplementation of RNP's interface using Sequoia for use with Thunderbird...

CVSS 7.5, AI score 7.5, EPSS 0.01212
Exploits 1
Tenable Nessus
added 2023/03/11 12:00 a.m., 34 views

Fedora 38 : rust-sequoia-octopus-librnp / rust-sequoia-sop / rust-sequoia-sq (2023-c08ee112f6)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-c08ee112f6 advisory. Rebuild for bzip2 0.4.4 CVE-2023-22895 / RUSTSEC-2023-0004. Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 7.5, AI score 7.3, EPSS 0.01212
Exploits 1, References 2
OSV
added 2023/03/07 8:13 p.m., 0 views

GHSA-WM8X-PHP5-HVQ6 Maligned causes incorrect deallocation

maligned::align_first manually allocates with an alignment larger than T, and then uses Vec::from_raw_parts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...

AI score 5.8
Exploits 0, References 4