mirror of
https://github.com/rustsec/advisory-db.git
synced 2025-12-27 01:54:07 -05:00
50 lines
1.7 KiB
Markdown
50 lines
1.7 KiB
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-0000-0000"
|
|
package = "crate-name"
|
|
date = "2020-01-31"
|
|
#withdrawn = "YYYY-MM-DD"
|
|
url = "https://example.com"
|
|
#references = ["https://github.com/mystuff/mycrate/discussions/1"]
|
|
#informational = "unmaintained"
|
|
# See https://docs.rs/rustsec/latest/rustsec/advisory/enum.Category.html
|
|
categories = ["code-execution", "privilege-escalation"]
|
|
#cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
|
|
keywords = ["example", "freeform", "keywords"]
|
|
#aliases = ["CVE-YYYY-NNNN"]
|
|
#related = []
|
|
#license = "CC0-1.0"
|
|
|
|
[affected]
|
|
#arch = ["x86"]
|
|
#os = ["windows"]
|
|
|
|
#[affected.functions]
|
|
#"crate_name::MyStruct::vulnerable_fn" = [">= 1.3.0, < 1.3.4"]
|
|
|
|
[versions]
|
|
patched = [">= 1.2.3, < 1.3.0", ">= 1.3.4"]
|
|
unaffected = ["<= 0.1.2"]
|
|
```
|
|
|
|
# RustSec Advisory Template - Advisory Title Goes Here
|
|
|
|
This is an example template for a RustSec advisory. Please copy this to
|
|
`crates/<crate-name>` and rename it to `RUSTSEC-0000-0000.md`.
|
|
|
|
In this section of the advisory, you can write an extended description
|
|
of the vulnerability, will be converted into HTML and rendered at
|
|
<https://rustsec.org>.
|
|
|
|
- Markdown formatted
|
|
- TOML "front matter". See `README.md` for schema.
|
|
- Please include as much detail as you'd like.
|
|
|
|
A well-structured advisory will include information like:
|
|
|
|
Affected versions of this crate did not properly check for integer overflow when allocating a buffer in `MyBuffer::with_capacity()` (bug description/location/root cause).
|
|
|
|
This can result in a memory corruption (consequence of the bug) when a large integer is given to the parameter (trigger condition).
|
|
|
|
The flaw was corrected in commit abc123 by using `saturating_mul()` when calculating the buffer size (fix description).
|