forked from rustsec/advisory-db
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Advisories.toml
113 lines (101 loc) · 4.23 KB
/
Advisories.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
[[advisory]]
id = "RUSTSEC-2017-0001"
package = "sodiumoxide"
patched_versions = [">= 0.0.14"]
dwf = []
date = "2017-01-26"
url = "https://github.com/dnaq/sodiumoxide/issues/154"
title = "scalarmult() vulnerable to degenerate public keys"
description = """
The `scalarmult()` function included in previous versions of this crate
accepted all-zero public keys, for which the resulting Diffie-Hellman shared
secret will always be zero regardless of the private key used.
This issue was fixed by checking for this class of keys and rejecting them
if they are used.
"""
[[advisory]]
id = "RUSTSEC-2017-0002"
package = "hyper"
patched_versions = [">= 0.10.2", "< 0.10.0, >= 0.9.18"]
dwf = []
date = "2017-01-23"
url = "https://github.com/hyperium/hyper/wiki/Security-001"
title = "headers containing newline characters can split messages"
description = """
Serializing of headers to the socket did not filter the values for newline bytes (\r or \n),
which allowed for header values to split a request or response. People would not likely include
newlines in the headers in their own applications, so the way for most people to exploit this
is if an application constructs headers based on unsanitized user input.
This issue was fixed by replacing all newline characters with a space during serialization of
a header value.
"""
[[advisory]]
id = "RUSTSEC-2017-0003"
package = "security-framework"
patched_versions = [">= 0.1.12"]
dwf = []
date = "2017-03-15"
url = "https://github.com/sfackler/rust-security-framework/pull/27"
title = "Hostname verification skipped when custom root certs used"
description = """
If custom root certificates were registered with a `ClientBuilder`, the
hostname of the target server would not be validated against its presented leaf
certificate.
This issue was fixed by properly configuring the trust evaluation logic to
perform that check.
"""
[[advisory]]
id = "RUSTSEC-2017-0004"
package = "base64"
patched_versions = [">= 0.5.2"]
dwf = []
url = "https://github.com/alicemaz/rust-base64/commit/24ead980daf11ba563e4fb2516187a56a71ad319"
title = "Integer overflow leads to heap-based buffer overflow in encode_config_buf"
date = "2017-05-03"
description = """
Affected versions of this crate suffered from an integer overflow bug when
calculating the size of a buffer to use when encoding base64 using the
`encode_config_buf` and `encode_config` functions. If the input string
was large, this would cause a buffer to be allocated that was too small.
Since this function writes to the buffer using unsafe code, it would
allow an attacker to write beyond the buffer, causing memory corruption
and possibly the execution of arbitrary code.
This flaw was corrected by using checked arithmetic to calculate
the size of the buffer.
"""
[[advisory]]
id = "RUSTSEC-2017-0005"
package = "cookie"
patched_versions = ["< 0.6.0", "^0.6.2", ">= 0.7.6"]
dwf = []
url = "https://github.com/alexcrichton/cookie-rs/pull/86"
title = "Large cookie Max-Age values can cause a denial of service"
date = "2017-05-06"
description = """
Affected versions of this crate use the `time` crate and the method
`Duration::seconds` to parse the `Max-Age` duration cookie setting. This method
will panic if the value is greater than 2^64/1000 and less than or equal to
2^64, which can result in denial of service for a client or server.
This flaw was corrected by explicitly checking for the `Max-Age` being in this
integer range and clamping the value to the maximum duration value.
"""
[[advisory]]
id = "RUSTSEC-2018-0001"
package = "untrusted"
unaffected_versions = []
patched_versions = [">= 0.6.2"]
dwf = []
url = "https://github.com/briansmith/untrusted/pull/20"
title = "An integer underflow could lead to panic"
date = "2018-06-21"
description = """
A mistake in error handling in untrusted before 0.6.2 could lead to an integer
underflow and panic if a user of the crate didn't properly check for errors
returned by untrusted.
Combination of these two programming errors (one in untrusted and another by
user of this crate) could lead to a panic and maybe a denial of service of
affected software.
The error in untrusted is fixed in release 0.6.2 released 2018-06-21. It's also
advisable that users of untrusted check for their sources for cases where errors
returned by untrusted are not handled correctly.
"""