RUSTSEC-2019-0006: Use -0005's format vuln wording

As filed, advisory RUSTSEC-2019-0006 simply notes that certain
functions in the covered crate create a "format vulnerability". This
patch, following up on [an exchange of comments on GitHub][1], edits
advisory RUSTSEC-2019-0006 to summarize the risk introduced by a
format vulnerability, copying the wording of the associated advisory
RUSTSEC-2019-0005.

[1]: <https://github.com/RustSec/advisory-db/pull/107#pullrequestreview-250212575>
c74d
2019-06-23 00:31:17 +00:00
parent 4d3480cc76
commit 63fbe9df35

@@ -10,8 +10,9 @@ description = """
- Pass buffers without length to C functions that may write an arbitrary amount of
data, leading to a buffer overflow. (`instr`, `mvwinstr`, etc)
- Passes rust &str to strings expecting C format arguments, allowing a format
vulnerability (functions in the `printw` family).
- Passes rust &str to strings expecting C format arguments, allowing hostile
input to execute a format string attack, which trivially allows writing
arbitrary data to stack memory (functions in the `printw` family).
"""
patched_versions = []
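Review bot: the replacement wording "trivially allows writing arbitrary data to stack memory" understates and slightly misdescribes the impact; a format string under attacker control lets `%x`/`%s` read stack contents (information leak) and `%n` write to whatever address the stack supplies, i.e. arbitrary memory, not only the stack. Since the text is deliberately copied from RUSTSEC-2019-0005 for consistency, consider correcting both advisories together, e.g. "allowing hostile input to execute a format string attack, which leaks stack contents and permits arbitrary memory writes (functions in the `printw` family)". Minor: "rust &str" should read "Rust `&str`", and the hunk header's line count change (8 to 9) matches the one-line-to-two-lines replacement, so the hunk itself applies cleanly.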