
9526 matches found

Trend Micro Simply Security
added 2022/12/16 12:0 a.m., 18 views

Agenda Ransomware Uses Rust to Target More Vital Industries

This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda's Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works...

AI score 3.7
Exploits: 0

The Hacker News
added 2022/12/13 7:0 a.m., 26 views

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

An active malware campaign is targeting the Python Package Index PyPI and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all...

AI score 1.2
Exploits: 0

Fedora
added 2022/12/10 1:28 a.m., 19 views

[SECURITY] Fedora 36 Update: rust-capnp-0.14.11-1.fc36

Runtime library for Cap'n Proto data encoding...

CVSS 5.4, AI score 2.1, EPSS 0.00852
Exploits: 0

Fedora
added 2022/12/10 1:28 a.m., 26 views

[SECURITY] Fedora 36 Update: rust-sequoia-octopus-librnp-1.4.1-2.fc36

Reimplementation of RNP's interface using Sequoia for use with Thunderbird...

CVSS 5.4, AI score 3.2, EPSS 0.00852
Exploits: 0

Fedora
added 2022/12/10 1:24 a.m., 30 views

[SECURITY] Fedora 37 Update: rust-capnp-0.14.11-1.fc37

Runtime library for Cap'n Proto data encoding...

CVSS 5.4, AI score 2.1, EPSS 0.00852
Exploits: 0

OpenVAS
added 2022/12/10 12:0 a.m., 15 views

Fedora: Security Advisory for rust-capnp (FEDORA-2022-7002ec8b22)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.4, AI score 5.5, EPSS 0.00852
Exploits: 0, References: 2

OpenVAS
added 2022/12/10 12:0 a.m., 13 views

Fedora: Security Advisory for rust-capnp (FEDORA-2022-fd7eeedd02)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.4, AI score 5.5, EPSS 0.00852
Exploits: 0, References: 2

OpenVAS
added 2022/12/10 12:0 a.m., 13 views

Fedora: Security Advisory for rust-sequoia-octopus-librnp (FEDORA-2022-fd7eeedd02)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.4, AI score 5.5, EPSS 0.00852
Exploits: 0, References: 2

OpenVAS
added 2022/12/10 12:0 a.m., 13 views

Fedora: Security Advisory for rust-sequoia-octopus-librnp (FEDORA-2022-7002ec8b22)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.4, AI score 5.5, EPSS 0.00852
Exploits: 0, References: 2

OSV
added 2022/12/08 4:0 p.m., 8 views

GHSA-969W-Q74Q-9J8V Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code

Because of incorrect bounds on method `Secp256k1::preallocated_gen_new` it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...

AI score 7.3
Exploits: 0, References: 3

GitHub Security Blog
added 2022/12/08 4:0 p.m., 24 views

Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code

Because of incorrect bounds on method `Secp256k1::preallocated_gen_new` it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...

AI score 0.3
Exploits: 0, References: 3, Affected Software: 1

GitHub Security Blog
added 2022/12/07 11:23 p.m., 38 views

libp2p DoS vulnerability from lack of resource management

Impact Versions older than v0.38.0 of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed ...

CVSS 7.5, AI score 0.2, EPSS 0.00689
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2022/12/07 9:15 p.m., 42 views

CVE-2022-23486

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

CVSS 7.5, EPSS 0.00689
Exploits: 0, References: 1

Prion
added 2022/12/07 9:15 p.m., 13 views

Design/Logic Flaw

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

CVSS 5, AI score 7.4, EPSS 0.00689
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2022/12/07 8:3 p.m., 104 views

CVE-2022-23486

CVE-2022-23486 affects the Rust implementation of libp2p (libp2p-rust) in versions before 0.45.1. An attacker node can induce a victim to allocate a large number of small memory chunks, exhausting the victim process memory and potentially causing OOM/killing, enabling a denial-of-service, especia...

CVSS 7.5, AI score 7.4, EPSS 0.00689
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/12/07 8:3 p.m., 40 views

CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

CVSS 7.5, AI score 7.7, EPSS 0.00689
Exploits: 0, References: 1

Vulnrichment
added 2022/12/07 8:3 p.m., 7 views

CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

CVSS 7.5, AI score 7.5, EPSS 0.00689
Exploits: 0, References: 1

OSV
added 2022/12/07 8:3 p.m., 26 views

CVE-2022-23486 libp2p-rust denial of service vulnerability from lack of resource management

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting...

CVSS 7.5, AI score 7.2, EPSS 0.00689
Exploits: 0, References: 3

CNNVD
added 2022/12/07 12:0 a.m., 10 views

rust-libp2p Resource Management Error Vulnerability

rust-libp2p is a Rust implementation of the libp2p network stack from the libp2p open source. A security vulnerability exists in versions prior to rust-libp2p v0.45.1, which can be exploited by an attacker to cause a victim node to allocate a large number of small memory blocks, eventually...

CVSS 7.5, AI score 7.3, EPSS 0.00689
Exploits: 0, References: 3

OSV
added 2022/12/05 10:15 p.m., 6 views

AZL-35235 CVE-2022-35256 affecting package rust for versions less than 1.75.0-1

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling...

CVSS 6.5, AI score 6.8, EPSS 0.02587
Exploits: 1, References: 1