update RUSTSEC-2024-0020 with additional information (#1913)

* update RUSTSEC-2024-2020 with additional information

Add information about more platforms affected, per
https://github.com/rustsec/advisory-db/pull/1911#issuecomment-1978963801.

* fix syntax

* update affected.os

* remove bitrig
Rain
2024-03-05 18:24:35 -08:00
committed by GitHub
parent f9cd39af86
commit f45909805e

@@ -8,23 +8,47 @@ categories = ["denial-of-service", "memory-corruption"]
keywords = ["buffer-overflow", "stack-buffer-overflow", "cwe-121"]
[affected]
# Other Unix OSes that aren't any of these may be affected as well:
# linux, macos, freebsd, dragonfly, bitrig, openbsd, netbsd
os = ["illumos", "solaris"]
functions = { "whoami::username" = ["< 1.5.0"] }
# Other Unix OSes that aren't Linux or macOS are affected as well.
# bitrig is also vulnerable, but not available as a platform with
# RustSec (and appears to be a dead platform anyway).
os = ["illumos", "solaris", "dragonfly", "freebsd", "netbsd", "openbsd"]
[affected.functions]
"whoami::username" = ["< 1.5.0"]
"whoami::realname" = ["< 1.5.0"]
"whoami::username_os" = ["< 1.5.0"]
"whoami::realname_os" = ["< 1.5.0"]
[versions]
patched = [">= 1.5.0"]
unaffected = ["< 0.5.3"]
```
# Stack buffer overflow with whoami on illumos and Solaris
# Stack buffer overflow with whoami on several Unix platforms
With older versions of the whoami crate, calling the `username` function leads to an immediate stack
buffer overflow on illumos and Solaris. Denial of service and data corruption have both been
observed in the wild, and the issue is possibly exploitable as well.
With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an
immediate stack buffer overflow on illumos and Solaris:
This also affects any other Unix platforms that aren't any of: `linux`, `macos`, `freebsd`,
`dragonfly`, `bitrig`, `openbsd`, `netbsd`.
- `whoami::username`
- `whoami::realname`
- `whoami::username_os`
- `whoami::realname_os`
With versions of the whoami crate >= 0.5.3 and < 1.0.1, calling any of the above functions also
leads to a stack buffer overflow on these platforms:
- Bitrig
- DragonFlyBSD
- FreeBSD
- NetBSD
- OpenBSD
This occurs because of an incorrect definition of the `passwd` struct on those platforms.
As a result of this issue, denial of service and data corruption have both been observed in the
wild. The issue is possibly exploitable as well.
This vulnerability also affects other Unix platforms that aren't Linux or macOS.
This issue has been addressed in whoami 1.5.0.
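Review bot: the new `[affected]` comment ("Other Unix OSes that aren't Linux or macOS are affected as well") keeps a claim that the advisory body drops: the old sentence "This vulnerability also affects other Unix platforms that aren't Linux or macOS." is removed, and the rewritten body only names illumos, Solaris and the five BSDs. Either restore one sentence in the body covering other Unix targets or trim the comment so the metadata and the prose agree. A second point on the same hunk: `[affected.functions]` gives `< 1.5.0` for all four functions, but the body states that on Bitrig, DragonFlyBSD, FreeBSD, NetBSD and OpenBSD the overflow only exists for `>= 0.5.3` and `< 1.0.1`. Since `affected.os` cannot scope a version range to one OS, consider a comment next to `os = [...]` noting that the function ranges over-approximate for the BSD platforms, so that tooling users on those targets know why `cargo audit` still flags 1.0.1 through 1.4.x.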