4 matches found
CVE-2016-10933
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...
baal (>=0.1.0 <=0.3.0), bit_crusher (=0.2.0) +12 more potentially affected by CVE-2016-10933 via portaudio (>=0.4.19 <=0.6.4)
portaudio CARGO version =0.4.19, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.4.1, =0.5.0, =0.2.0, =0.4.0, =0.1.0, =0.5.0, =0.8.0, =0.11.0 - volume =0.2.0 Source cves: CVE-2016-10933 Source advisory: OSV:GHSA-PQ6V-X7GP-7776...
CVE-2016-10933
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...
CVE-2016-10933
CVE-2016-10933 affects the portaudio crate up to version 0.7.0 for Rust. The underlying issue is that the build process downloads the portaudio source via cleartext HTTP, enabling a man-in-the-middle attacker to tamper the downloaded archive. Multiple connected sources describe this as a MitM ris...