CVE-2021-32715 Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parsed and accepted requests with a Content-Length header prefixed with a plus sign, when such requests should have been rejected as illegal. This, combined with an upstream HTTP proxy that doesn't parse such...
CVE-2021-32714
CVE-2021-32714 affects the hyper HTTP library for Rust (versions prior to 0.14.10). The flaw is an integer overflow when decoding chunk sizes in HTTP/1.1 chunked transfers, which can cause data loss and, if an upstream proxy allows large chunk sizes, potential request smuggling or desync attacks....
BeerHolderBot (>=0.1.0 <=0.3.6), GetPDB (>=0.1.0 <=1.0.1) +5228 more potentially affected by CVE-2021-32714 via hyper (>=0.0.1 <=0.13.7)
hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.7-alpha.3, =0.2.0-alpha.0 and more Source cves: CVE-2021-32714 Source advisory: OSV:RUSTSEC-2021-0079...
BeerHolderBot (>=0.1.0 <=0.3.6), GetPDB (>=0.1.0 <=1.0.1) +5228 more potentially affected by CVE-2021-32715 via hyper (>=0.0.1 <=0.13.7)
hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.7-alpha.3, =0.2.0-alpha.0 and more Source cves: CVE-2021-32715 Source advisory: OSV:RUSTSEC-2021-0078...
AskAI (=0.1.0), BeerHolderBot (>=0.3.2 <=0.3.8) +25091 more potentially affected by CVE-2021-38191 via tokio (>=0.3.7 <=1.5.0)
tokio CARGO version =0.3.7, =0.3.2, =0.1.0, =1.0.2, =0.1.0, =0.1.0, =1.0.0-1, =0.1.0, =1.0.0, =1.0.1, =4.3.0, =4.4.0 - NtH1M =0.2.4 and more Source cves: CVE-2021-38191 Source advisory: OSV:RUSTSEC-2021-0072...
vade (>=0.1.0 <=0.1.1), vade-evan (=0.3.0) +4 more potentially affected by CVE-2021-38191 via tokio (=1.7.1)
tokio CARGO version =1.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on tokio and may be impacted:
- vade =0.1.0, =0.1.3, =0.2.0
- vade-sidetree =0.0.3
- vade-signer =0.0.1
- vade-universal-resolver =0.0.4
Source cves: CVE-2021-38191 Source advisory...
hyperium hyper Environment Issue Vulnerability
hyperium hyper is an open source HTTP library for Rust. It is intended to be a building block for libraries and applications. A vulnerability exists in hyperium hyper, which arises from hyper's HTTP/1 server incorrectly parsing and accepting requests with the "Content-Length" header...
AeP (>=0.1.0 <=0.1.3), ApacheLogAnonymizer (>=0.1.0 <=0.1.1) +24249 more potentially affected by unknown CVE via atty (>=0.1.2 <=0.2.14)
atty CARGO version =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.4 - IMAPServer =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0145...
Potential unaligned read
On Windows, atty dereferences a potentially unaligned pointer. In practice, however, the pointer won't be unaligned unless a custom global allocator is used. In particular, the System allocator on Windows uses HeapAlloc, which guarantees a large enough alignment. atty is unmaintained. A pull reques...
Advisory ROSA-SA-2021-1939
Software: openssl 1.0.2k OS: Cobalt 7.9 CVE-ID: CVE-2011-4108 CVE-Crit: CRITICAL CVE-DESC: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs MAC checks only if certain padding is valid, making it easier for remote attackers to recover plaintext via a padding orac...
Advisory ROSA-SA-2021-1927
Software: ncurses 5.9 OS: Cobalt 7.9 CVE-ID: CVE-2019-15547 CVE-Crit: HIGH CVE-DESC: An issue has been discovered in the ncurses crate prior to version 5.99.0 for Rust. The printw functions have format string problems due to improper handling of C format arguments. CVE-STATUS: default CVE-REV:...
Two Google plans that could make open source code more secure
Recently Google announced that it will fund the further development of Rust. Rust is a low-level programming language that is designed to be more memory safe than other popular programming languages, such as C. Google has also proposed an end-to-end framework for supply chain integrity which it...
Fedora: Security Advisory for rust-aom-sys (FEDORA-2021-1c3f7963a5)
The remote host is missing an update for the rust-aom-sys package. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2021-38512 via actix-http (>=0.1.5 <=1.0.1)
actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-38512 Source advisory: OSV:RUSTSEC-2021-0081...
[SECURITY] Fedora 34 Update: rust-aom-sys-0.2.1-5.fc34
FFI bindings to aom...
openSUSE: Security Advisory for 389-ds (openSUSE-SU-2021:0868-1)
The remote host is missing an update for the 389-ds package. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
MGASA-2021-0251 Updated rust packages fix security vulnerabilities
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because the standard library is statically linked, affected applications will need to be rebuilt to benefit...
SUSE: Security Advisory (SUSE-SU-2018:3357-1)
The remote host is missing an update. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...