OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-04 18:50:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for pancurses

Browse Source
This commit is contained in:
Thom Chiovoloni
2019-06-15 13:13:18 -07:00
parent 733c7140d1
commit 7e9fe78ade
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/pancurses/RUSTSEC-0000-0000.toml Normal file
View File

@@ -0,0 +1,19 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "pancurses"
date = "2019-06-15"
title = "Format string vulnerabilities in `pancurses`"
description = """
`pancurses::mvprintw` and `pancurses::printw` passes a pointer from a rust `&str` to C,
allowing hostile input to execute a format string attack, which trivially allows writing
arbitrary data to stack memory.
"""
patched_versions = []
url = "https://github.com/RustSec/advisory-db/issues/106"
affected_functions = ["pancurses::mvprintw", "pancurses::printw"]