CVE-2019-13225

Oniguruma 6.9.2 contains a NULL pointer dereference in match_at() (CVE-2019-13225) that can lead to denial of service when a crafted regular expression is used. Multiple connected advisories (AlmaLinux, Fedora, Amazon Linux, Astra Linux) report the vulnerability and list updates/patches for onigu...

CVE-2019-13224

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

oniguruma -- multiple vulnerabilities

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...

`boxfnonce` obsolete with release of Rust 1.35.0

This commit marks the boxfnonce crate as obsolete and the GitHub repo has since been archived. The functionality of boxfnonce has been added to Rust since 1.35.0. Use Box...

RUSTSEC-2019-0040 `boxfnonce` obsolete with release of Rust 1.35.0

This commit marks the boxfnonce crate as obsolete and the GitHub repo has since been archived. The functionality of boxfnonce has been added to Rust since 1.35.0. Use Box...

amethyst_derive (>=0.4.0 <=0.5.0), amethyst_test (>=0.1.0 <=0.3.0) +81 more potentially affected by unknown CVE via boxfnonce (>=0.0.3 <=0.1.1)

boxfnonce CARGO version =0.0.3, =0.4.0, =0.1.0, =0.1.0, =0.2.5, =0.5.0, =0.3.1, =0.2.0, =0.5.0, =0.0.0, =3.0.0, =0.1.3, =0.0.1, =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2019-0040...

Format string vulnerabilities in `pancurses`

pancurses::mvprintw and pancurses::printw passes a pointer from a rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory...

alpha-g-analysis (=0.1.0), apecrunch (>=0.0.1 <=0.0.3) +179 more potentially affected by CVE-2019-15547 +1 more via ncurses (>=5.101.0 <=6.0.1)

ncurses CARGO version =5.101.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.8.7 - btui =0.6.5 and more Source cves: CVE-2019-15547, CVE-2019-15548 Source advisory: OSV:RUSTSEC-2019-0006...

Rustbuster - DirBuster For Rust

DirBuster for Rust. Usage There are three modules currently implemented: 1. Dirbuster default rustbuster -m dir -u http://localhost:3000/ -w examples/wordlist -e php 2. Dnsbuster rustbuster -m dns -u google.com -w examples/wordlist 3. Vhostbuster rustbuster -m vhost -u http://localhost:3000/ -w...

afterburn (=4.1.0), aoaddons (>=0.1.1 <=0.1.6) +50 more potentially affected by CVE-2019-25054 via pnet (>=0.12.0 <=0.26.0)

pnet CARGO version =0.12.0, =0.1.1, =0.0.2, =0.6.0, =0.1.0, =1.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.3.1, =0.4.0 and more Source cves: CVE-2019-25054 Source advisory: OSV:RUSTSEC-2019-0037...

Brains (>=0.1.0 <=0.2.0), Route16 (=0.0.1) +858 more potentially affected by CVE-2019-15544 via protobuf (>=2.0.2 <=2.5.0)

protobuf CARGO version =2.0.2, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.13.0, =0.11.0, =0.11.0, =1.1.0, =0.4.3, =0.1.0, =0.1.0, =0.1.0, =0.17.0 and more Source cves: CVE-2019-15544 Source advisory: OSV:RUSTSEC-2019-0003...

RUSTSEC-2019-0003 Out of Memory in stream::read_raw_bytes_into()

Affected versions of this crate called Vec::reserve on user-supplied input. This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data...

Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust

You are seeing a high-performant, coroutines-driven, and fully customisable implementation of Low & Slow load generator designed for real-world pentesting. You can easily torify/proxify it using various platform-dependent utilities. Demonstration Advantages Coroutines-driven. Finshir uses...

Fedora 30 : rust (2019-e39d4910c6)

Security fix for CVE-2019-12083 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...

Fedora 29 : rust (2019-f76f0e11b3)

Security fix for CVE-2019-12083 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...

Sniffglue - Secure Multithreaded Packet Sniffer

sniffglue is a network sniffer written in rust. Network packets are parsed concurrently using a thread pool to utilize all cpu cores. Project goals are that you can run sniffglue securely on untrusted networks and that it must not crash when processing packets. The output should be as useful as...

Fedora Update for rust FEDORA-2019-e39d4910c6

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for rust FEDORA-2019-f76f0e11b3

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: rust-1.34.2-1.fc29

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

[SECURITY] Fedora 30 Update: rust-1.34.2-1.fc30

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...