Add advisory for stack buffer overflow with whoami (#1911)

* Advisory for whoami

* omit "informational"

* add solaris
Rain
2024-03-04 17:31:02 -08:00
committed by GitHub
parent c4a34bd3e1
commit 7af45b5924

@@ -0,0 +1,31 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "whoami"
date = "2024-02-28"
url = "https://github.com/ardaku/whoami/issues/91"
categories = ["denial-of-service", "memory-corruption"]
keywords = ["buffer-overflow", "stack-buffer-overflow", "cwe-121"]
[affected]
# Other Unix OSes that aren't any of these may be affected as well:
# linux, macos, freebsd, dragonfly, bitrig, openbsd, netbsd
os = ["illumos", "solaris"]
functions = { "whoami::username" = ["< 1.5.0"] }
[versions]
patched = [">= 1.5.0"]
```
# Stack buffer overflow with whoami on illumos and Solaris
With older versions of the whoami crate, calling the `username` function leads to an immediate stack
buffer overflow on illumos and Solaris. Denial of service and data corruption have both been
observed in the wild, and the issue is possibly exploitable as well.
This also affects any other Unix platforms that aren't any of: `linux`, `macos`, `freebsd`,
`dragonfly`, `bitrig`, `openbsd`, `netbsd`.
This issue has been addressed in whoami 1.5.0.
For more information, see [this GitHub issue](https://github.com/ardaku/whoami/issues/91).
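Review bot: the `os = ["illumos", "solaris"]` line under `[affected]` scopes the advisory more narrowly than the prose, which says the bug also hits any other Unix platform outside `linux`, `macos`, `freebsd`, `dragonfly`, `bitrig`, `openbsd`, `netbsd`. `affected.os` is an inclusive list, so a consumer that filters advisories by target (cargo-audit's `--target-os`) will not report this for a Unix target outside that list even though the text says it is affected; the preceding TOML comment (`# Other Unix OSes that aren't any of these may be affected as well:`) is not machine-readable and does not change that. Either drop the `os` key so the advisory applies on every target and let the prose carry the platform caveat, or enumerate every target the crate falls through to. Separately, the sentence "Denial of service and data corruption have both been observed in the wild" should point at where that was reported (the linked issue, if that is the source), so the claim is traceable from the advisory itself.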