Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RUSTSEC-2019-0006: Buffer overflow and format vulnerabilities in functions exposed without unsafe #1

Open
github-actions bot opened this issue Jul 26, 2020 · 0 comments
Open

RUSTSEC-2019-0006: Buffer overflow and format vulnerabilities in functions exposed without unsafe #1

github-actions bot opened this issue Jul 26, 2020 · 0 comments

Comments

@github-actions
Copy link

Buffer overflow and format vulnerabilities in functions exposed without unsafe

Details
Package ncurses
Version 5.99.0
URL rustsec/advisory-db#106
Date 2019-06-15

ncurses exposes functions from the ncurses library which:

  • Pass buffers without length to C functions that may write an arbitrary amount of
    data, leading to a buffer overflow. (instr, mvwinstr, etc)
  • Passes rust &str to strings expecting C format arguments, allowing hostile
    input to execute a format string attack, which trivially allows writing
    arbitrary data to stack memory (functions in the printw family).

See advisory page for additional details.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants