94 matches found
RUSTSEC-2024-0399 rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
PT-2024-40945 · Unknown +1 · Tokio-Rustls +2
Name of the Vulnerable Software and Affected Versions: rustls version 0.23.13 Description: A bug in rustls leads to a panic if the received TLS ClientHello is fragmented. This issue affects servers using rustls::server::Acceptor::accept and tokio-rustls's LazyConfigAcceptor API, but not those usi...
Fedora 39 : rust-pyo3 / rust-pyo3-build-config / rust-pyo3-ffi / etc (2024-44f01d9c69)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-44f01d9c69 advisory. Update pyo3 to version 0.22.4. This version addresses a potential use-after-free RUSTSEC-2024-0378. Tenable has extracted the preceding description block...
Fedora 40 : rust-pyo3 / rust-pyo3-build-config / rust-pyo3-ffi / etc (2024-23292e9f6d)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-23292e9f6d advisory. Update pyo3 to version 0.22.4. This version addresses a potential use-after-free RUSTSEC-2024-0378. Tenable has extracted the preceding description block...
Fedora: Security Advisory (FEDORA-2024-44f01d9c69)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-23292e9f6d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : php (2024-52c23ef1ec)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 06 Jun 2024 CGI: Fixed buffer limit on Windows, replacing read call usage by read. David Carlier Fixed bug GHSA-3qgc-jrrr-25jv...
Fedora: Security Advisory for rust-bindgen-cli (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: rust-bindgen-cli-0.69.4-2.fc39
Automatically generates Rust FFI bindings to C and C++ libraries...
Fedora: Security Advisory for rust-bindgen-cli (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: rust-bindgen-cli-0.69.4-2.fc40
Automatically generates Rust FFI bindings to C and C++ libraries...
rustls-ffi (=0.10.0) potentially affected by CVE-2024-32650 via rustls (=0.21.0)
rustls CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on rustls and may be impacted: - rustls-ffi =0.10.0 Source cves: CVE-2024-32650 Source advisory: OSV:GHSA-6G7W-8WPP-FRHJ...
RUSTSEC-2024-0336 `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
If a closenotify alert is received during a handshake, completeio does not terminate. Callers which do not call completeio are not affected. rustls-tokio and rustls-ffi do not call completeio and are not affected. rustls::Stream and rustls::StreamOwned types use completeio and are affected...
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Summary Use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details Node childprocess IPC relies on the JS side to pass the raw IPC file descript...
[SECURITY] Fedora 38 Update: rust-kvm-bindings-0.7.0-1.fc38
Rust FFI bindings to KVM generated using bindgen...
Fedora: Security Advisory for rust-kvm-bindings (FEDORA-2024-f2305d485f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: rust-kvm-bindings-0.7.0-1.fc39
Rust FFI bindings to KVM generated using bindgen...
GHSA-FQ33-VMHV-48XH ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...