Lucene search
K

94 matches found

OSV
OSV
added 2024/11/22 12:0 p.m.18 views

RUSTSEC-2024-0399 rustls network-reachable panic in `Acceptor::accept`

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...

7.5CVSS7AI score0.00707EPSS
Exploits1References3
RustSec
RustSec
added 2024/11/22 12:0 p.m.13 views

rustls network-reachable panic in `Acceptor::accept`

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...

7.5CVSS7AI score0.00707EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.7 views

PT-2024-40945 · Unknown +1 · Tokio-Rustls +2

Name of the Vulnerable Software and Affected Versions: rustls version 0.23.13 Description: A bug in rustls leads to a panic if the received TLS ClientHello is fragmented. This issue affects servers using rustls::server::Acceptor::accept and tokio-rustls's LazyConfigAcceptor API, but not those usi...

7.3AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/10/24 12:0 a.m.12 views

Fedora 39 : rust-pyo3 / rust-pyo3-build-config / rust-pyo3-ffi / etc (2024-44f01d9c69)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-44f01d9c69 advisory. Update pyo3 to version 0.22.4. This version addresses a potential use-after-free RUSTSEC-2024-0378. Tenable has extracted the preceding description block...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/10/24 12:0 a.m.5 views

Fedora 40 : rust-pyo3 / rust-pyo3-build-config / rust-pyo3-ffi / etc (2024-23292e9f6d)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-23292e9f6d advisory. Update pyo3 to version 0.22.4. This version addresses a potential use-after-free RUSTSEC-2024-0378. Tenable has extracted the preceding description block...

5.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2024/10/24 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2024-44f01d9c69)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
OpenVAS
OpenVAS
added 2024/10/24 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2024-23292e9f6d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/13 12:0 a.m.33 views

Fedora 39 : php (2024-52c23ef1ec)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 06 Jun 2024 CGI: Fixed buffer limit on Windows, replacing read call usage by read. David Carlier Fixed bug GHSA-3qgc-jrrr-25jv...

9.8CVSS8.2AI score0.99998EPSS
Exploits106References7
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.7 views

Fedora: Security Advisory for rust-bindgen-cli (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2024/06/02 3:39 a.m.11 views

[SECURITY] Fedora 39 Update: rust-bindgen-cli-0.69.4-2.fc39

Automatically generates Rust FFI bindings to C and C++ libraries...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.6 views

Fedora: Security Advisory for rust-bindgen-cli (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2024/05/26 1:28 a.m.9 views

[SECURITY] Fedora 40 Update: rust-bindgen-cli-0.69.4-2.fc40

Automatically generates Rust FFI bindings to C and C++ libraries...

7.3AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/04/19 7:46 p.m.7 views

rustls-ffi (=0.10.0) potentially affected by CVE-2024-32650 via rustls (=0.21.0)

rustls CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on rustls and may be impacted: - rustls-ffi =0.10.0 Source cves: CVE-2024-32650 Source advisory: OSV:GHSA-6G7W-8WPP-FRHJ...

7.5CVSS5.8AI score0.00949EPSS
Exploits0
OSV
OSV
added 2024/04/19 12:0 p.m.21 views

RUSTSEC-2024-0336 `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

If a closenotify alert is received during a handshake, completeio does not terminate. Callers which do not call completeio are not affected. rustls-tokio and rustls-ffi do not call completeio and are not affected. rustls::Stream and rustls::StreamOwned types use completeio and are affected...

7.5CVSS7.3AI score0.00949EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/03/06 5:4 p.m.26 views

Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Summary Use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details Node childprocess IPC relies on the JS side to pass the raw IPC file descript...

8.8CVSS7.9AI score0.02276EPSS
Exploits1References12Affected Software1
Fedora
Fedora
added 2024/02/14 1:13 a.m.12 views

[SECURITY] Fedora 38 Update: rust-kvm-bindings-0.7.0-1.fc38

Rust FFI bindings to KVM generated using bindgen...

9.8CVSS7.3AI score0.00652EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/02/14 12:0 a.m.10 views

Fedora: Security Advisory for rust-kvm-bindings (FEDORA-2024-f2305d485f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.00652EPSS
Exploits0References2
Fedora
Fedora
added 2024/02/10 1:27 a.m.17 views

[SECURITY] Fedora 39 Update: rust-kvm-bindings-0.7.0-1.fc39

Rust FFI bindings to KVM generated using bindgen...

9.8CVSS7.3AI score0.00652EPSS
Exploits0
OSV
OSV
added 2023/04/07 7:23 p.m.13 views

GHSA-FQ33-VMHV-48XH ntru-rs has unsound FFI: Wrong API usage causes write past allocated area

The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...

7.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/04/07 7:23 p.m.17 views

ntru-rs has unsound FFI: Wrong API usage causes write past allocated area

The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...

6.8AI score
Exploits0References3Affected Software1
Rows per page
Query Builder