rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix typos (#1729)

Browse Source
This commit is contained in:
Alexis Mousset
2023-07-15 17:07:13 +02:00
committed by GitHub
parent 5ceeefcbba
commit 1d12a1c2e3
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/stb_image/RUSTSEC-2023-0021.md
View File

@@ -12,7 +12,7 @@ aliases = ["GHSA-ppjr-267j-5p9x"]
patched = [">= 0.2.5"] patched = [">= 0.2.5"]
``` ```
# NULL pointer derefernce in `stb_image` # NULL pointer dereference in `stb_image`
A bug in error handling in the `stb_image` C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the `stb_image` Rust crate, by patching the C code to correctly handle NULL pointers. A bug in error handling in the `stb_image` C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the `stb_image` Rust crate, by patching the C code to correctly handle NULL pointers.

4
rust/std/CVE-2021-28877.md
View File

@@ -11,6 +11,6 @@ patched = [">= 1.51.0"]
unaffected = ["< 1.11.0"] unaffected = ["< 1.11.0"]
``` ```
# TrustedRandomAaccess specialization composes incorrectly for nested iter::Zips # TrustedRandomAccess specialization composes incorrectly for nested iter::Zips
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. In the standard library in Rust before 1.51.0, the Zip implementation calls `__iterator_get_unchecked()` for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the `TrustedRandomAccess` trait.

2
rust/std/CVE-2021-29922.md
View File

@@ -20,7 +20,7 @@ patched = [">= 1.53.0"]
Improper input validation of octal strings in rust-lang standard library `net` allows unauthenticated remote attackers to perform Improper input validation of octal strings in rust-lang standard library `net` allows unauthenticated remote attackers to perform
indeterminate SSRF, RFI, and LFI attacks on many programs that rely on rust-lang std::net. indeterminate SSRF, RFI, and LFI attacks on many programs that rely on rust-lang std::net.
IP address octects are left stripped instead of evaluated as valid IP addresses. IP address octets are left stripped instead of evaluated as valid IP addresses.
For example, an attacker submitting an IP address to a web application that relies on `std::net::IpAddr`, For example, an attacker submitting an IP address to a web application that relies on `std::net::IpAddr`,
could cause SSRF via inputting octal input data; could cause SSRF via inputting octal input data;
An attacker can submit exploitable IP addresses if the octet is 3 digits, An attacker can submit exploitable IP addresses if the octet is 3 digits,