5 matches found
openSUSE: Security Advisory for rust1.62 (SUSE-SU-2022:3451-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2022:3451-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
armory_cli (>=0.3.3 <=0.3.28), armory_lib (>=0.1.0 <=0.3.28) +133 more potentially affected by CVE-2022-36114 via cargo (>=0.10.0 <=0.64.0)
cargo CARGO version =0.10.0, =0.3.3, =0.1.0, =0.10.0, =0.10.0, =0.1.0, =0.3.1, =0.0.1, =0.1.0, =0.1.0, =0.2.2, =0.6.0, =0.1.0, =0.1.1, =1.1.0 and more Source cves: CVE-2022-36114 Source advisory: OSV:GHSA-2HVR-H6GW-QRXP...
CVE-2022-36114
CVE-2022-36114 concerns Cargo, Rust’s package manager. The advisory states Cargo does not limit data extracted from compressed archives, enabling a zip-bomb attack when a malicious package is uploaded to an alternate registry. This could exhaust disk space on a machine downloading the package. Th...
CVE-2022-36114 Extracting malicious crates can fill the file system
Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...