OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a90bcef811db87f91ce8ed523d8b7fa409bb2d10
advisory-db/crates/ncurses/RUSTSEC-2019-0006.toml
Tony Arcieri 01ac6725d5 Fix all advisories to pass linter 
Mostly related to the `affected_functions` field, which has changed a
few times.
2019-09-09 12:19:01 -07:00

24 lines
869 B
TOML
Raw Blame History

[advisory]
id = "RUSTSEC-2019-0006"
package = "ncurses"
date = "2019-06-15"
title = "Buffer overflow and format vulnerabilities in functions exposed without unsafe"
description = """
`ncurses` exposes functions from the ncurses library which:
- Pass buffers without length to C functions that may write an arbitrary amount of
data, leading to a buffer overflow. (`instr`, `mvwinstr`, etc)
- Passes rust &str to strings expecting C format arguments, allowing hostile
input to execute a format string attack, which trivially allows writing
arbitrary data to stack memory (functions in the `printw` family).
"""
patched_versions = []
url = "https://github.com/RustSec/advisory-db/issues/106"
[affected.functions]
"ncurses::instr" = [">= 0"]
"ncurses::mvwinstr" = [">= 0"]
"ncurses::printw" = [">= 0"]
"ncurses::mvprintw" = [">= 0"]
"ncurses::mvwprintw" = [">= 0"]
Reference in New Issue View Git Blame Copy Permalink