EUVD-2007-4058

Malware in sbrugna...

EUVD-2024-40442

Malicious code in bioql PyPI...

GHSA-PFR9-2P92-QRHQ Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

RUSTSEC-2024-0377 Heap Buffer overflow using c_chars_to_str function

The heap-buffer-overflow is triggered in the strlen function when handling the ccharstostr function in the dbn crate. This vulnerability occurs because the CStr::fromptr function in Rust assumes that the provided C string is null-terminated. However, there is no guarantee that the input chars arr...

PT-2024-30645 · Unknown · Easytest Online Test Platform

Name of the Vulnerable Software and Affected Versions: Easytest Online Test Platform versions 24E01 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via the cstr parameter in the download class learning course function. This enables attackers to...

const-cstr is Unmaintained

Last release was about five years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. No direct fork exist. const-cstr is...

annatar (=0.6.1), aoer-plotty-rs (>=0.2.1 <=0.4.1) +111 more potentially affected by unknown CVE via const-cstr (>=0.1.0 <=0.3.0)

const-cstr CARGO version =0.1.0, =0.2.1, =0.3.6, =0.5.0, =0.1.0, =0.1.0, =0.11.0+8.3.2, =0.0.1, =1.0.0, =1.3.3 - capsicum =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0020...

PT-2023-36085 · Unknown · Const-Cstr

Name of the Vulnerable Software and Affected Versions: const-cstr affected versions not specified Description: The const-cstr crate has been archived and no longer maintained, with unreachable maintainers and no security policy in place. A significant issue is that the crate violates the safety...

SUSE CVE-2007-4074

The default configuration of Centre for Speech Technology Research CSTR Festival 1.95 beta aka 2.0 beta on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute...

GHSA-H352-G5VW-3926 Improper Input Validation in fruity

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::fromptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...

CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...

CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...

Design/Logic Flaw

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...

CVE-2021-43620

CVE-2021-43620 affects the fruity crate (up to 0.2.0) for Rust. The issue stems from security-relevant validation of filename extensions and the use of NSString-to-string conversion that may return partial results. Specifically, the code can call CStr::from_ptr on a pointer to the string buffer, ...

Converting `NSString` to a String Truncates at Null Bytes

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::fromptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, th...

CVE-2018-13087

The mintToken function of a smart contract implementation for Coinstar CSTR, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

CVE-2010-3996

festivalserver in Centre for Speech Technology Research CSTR Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

CVE-2010-3996

The CVE-2010-3996 issue affects Festival Server (CSTR Festival), probably in versions up to 2.0.95-beta and earlier. The root cause is an unsafe LD_LIBRARY_PATH implementation that places a zero-length directory name, enabling a local attacker to load a Trojan horse shared library from the curren...

CVE-2010-3996

festivalserver in Centre for Speech Technology Research CSTR Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...