40 matches found
AZL-48312 CVE-2024-43806 affecting package virtiofsd for versions less than 1.8.0-3
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
AZL-48330 CVE-2024-43806 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
AZL-48327 CVE-2024-43806 affecting package flux for versions less than 0.194.5-4
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
AZL-48333 CVE-2024-43806 affecting package kata-containers for versions less than 3.2.0.azl4-1
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
AZL-48304 CVE-2024-43806 affecting package rust for versions less than 1.72.0-9
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
AZL-48300 CVE-2024-43806 affecting package cloud-hypervisor for versions less than 32.0-7
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
UBUNTU-CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
CVE-2024-43806 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
CVE-2024-43806 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
CVE-2024-43806 `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and...
rustix security vulnerability
rustix is a secure Rust binding to a POSIX-style API open-sourced by the Bytecode Alliance. A security vulnerability exists in rustix that stems from memory over-allocation, which could lead to a rapid and unlimited memory explosion...
Security Bulletin: rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate is vulnerable to WS-2023-0366 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate which is vulnerable to WS-2023-0366 Vulnerability Details IBM X-Force ID: 269579 DESCRIPTION: Bytecode Alliance rustix is vulnerable to a denial of service, caused by...
GHSA-C827-HFW6-QWVM rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Summary When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and unbounded memory explosion (gigabytes in a few seconds i...
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Summary When using rustix::fs::Dir using the linux_raw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::read_more, this can cause quick and unbounded memory explosion (gigabytes in a few seconds i...
PT-2023-32952 · Trustix +2 · Rustix +2
Name of the Vulnerable Software and Affected Versions: Rustix versions prior to 0.35.15 Rustix versions prior to 0.36.16 Rustix versions prior to 0.37.25 Rustix versions prior to 0.38.19 Description: The issue arises when using rustix::fs::Dir with the linux_raw backend, where the iterator can ge...
Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability
No description provided by source. //source: http://www.securityfocus.com/bid/44301/info / known for over a year, fixed in grsec bug is due to a bad limit on the max size of the stack for 32bit apps on a 64bit OS. Instead of them being limited to 1/4th of a 32bit address space, they're limited to...
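Linux Kernel "execve()" Memory Expansion "OOM-killer" Local Denial of Service Vulnerability
BUGTRAQ ID: 45004 CVE ID: CVE-2010-4243 The Linux Kernel is the kernel used by the open-source operating system Linux. The implementation of the Linux Kernel's "OOM-killer" feature contains a security vulnerability that a local attacker can exploit to terminate unrelated processes, causing a denial of service. The vulnerability stems from the oomkill function being unable to see allocated memory that is not attached to any thread. Linux kernel 2.6.24.3 - 2.6.37 RedHat Enterprise Linux Desktop v.5 client Vendor patch: Linux ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page...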
Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability
Exploit for linux platform in category dos / poc ================================================================ Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability ================================================================ / known for over a year, fixed in grsec bug is due to a b...
Linux Kernel 2.6.37 - 'setup_arg_pages()' Denial of Service
// source: https://www.securityfocus.com/bid/44301/info / known for over a year, fixed in grsec bug is due to a bad limit on the max size of the stack for 32bit apps on a 64bit OS. Instead of them being limited to 1/4th of a 32bit address space, they're limited to 1/4th of a 64bit address space -...