bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product...
CVE-2023-22895
The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product...
DEBIAN-CVE-2023-22895
The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product...
UBUNTU-CVE-2023-22895
The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product...
CVE-2023-22895
CVE-2023-22895 affects the bzip2 crate before 0.4.4 for Rust; vulnerability is an integer overflow in mem.rs that allows denial of service on large input. Note this is unrelated to crates.io/bzip2-rs. Fedora advisories indicate rebuilding for bzip2 0.4.4; no exploit details are provided in the su...
PT-2023-1358
Name of the Vulnerable Software and Affected Versions Rust versions prior to 1.66.1 Description The issue is related to the Cargo package manager in Rust, which does not perform SSH host key verification when cloning indexes and dependencies via SSH. This allows an attacker to perform...
a2s (>=0.1.0 <=0.5.1), abxml (>=0.2.1 <=0.6.2) +240 more potentially affected by CVE-2023-22895 via bzip2 (>=0.2.3 <=0.3.3)
bzip2 CARGO version =0.2.3, =0.1.0, =0.2.1, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.3.0, =2020.5.26, =0.1.0, =0.2.0, =1.0.0 and more Source cves: CVE-2023-22895 Source advisory: OSV:RUSTSEC-2023-0004...
CVE-2023-22466
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured...
CVE-2023-22466
Tokio (Rust) prior to v1.18.4, v1.20.3, and v1.23.1, and the 1.7.0–1.18.x range, has a Windows named pipe setting bug: when configuring pipe_mode for a named pipe server, reject_remote_clients is reset to false, undoing any prior true setting. This can allow remote clients access to the named pip...
CVE-2023-22466 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured...
Nokoyawa 2.0 A Reworked Rust-Based Ransomware
Nokoyawa is a 64-bit Windows-based ransomware family that first appeared in early February 2022. The threat group behind Nokoyawa conducts double-extortion ransomware attacks, first stealing data from...
Fedora 36 : rust-capnp / rust-sequoia-octopus-librnp (2022-fd7eeedd02)
The remote Fedora 36 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2022-fd7eeedd02 advisory. Update the capnp crate to version 0.14.11 to address CVE-2022-46149 / RUSTSEC-2022-0068. This update also includes a rebuild of the only affected application...
can2040 (>=0.1.2 <=0.1.5), card10-alloc (>=0.1.0 <=0.1.1) +13 more potentially affected by unknown CVE via alloc-cortex-m (>=0.2.2 <=0.4.4)
alloc-cortex-m CARGO version =0.2.2, =0.1.2, =0.1.0, =0.1.0, =0.0.4, =0.3.2, =0.1.0, =0.1.0, =0.5.6, =0.1.0, =0.1.1, =0.0.2, =0.0.11 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0073...
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses...
Agenda ransomware made its return with a Rust variant
In addition to BlackCat, Hive, Luna, and RansomExx, Agenda is the latest ransomware strain to use the cross-platform programming language Rust. Ransomware-as-a-service (RaaS) group Agenda, attributed to an...
New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure
A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that...