grin 1.1.0
This project contains known security vulnerabilities. Find detailed information at the bottom.
grin
(20 total, 12 outdated, 1 insecure, 1 possibly insecure)
Crate | Required | Latest | Status |
---|---|---|---|
blake2-rfc | ^0.2 | 0.2.18 | up to date |
chrono ⚠️ | ^0.4.4 | 0.4.38 | maybe insecure |
clap | ^2.31 | 4.5.4 | out of date |
ctrlc | ^3.1 | 3.4.4 | up to date |
cursive | ^0.12 | 0.20.0 | out of date |
failure | ^0.1 | 0.1.8 | up to date |
failure_derive | ^0.1 | 0.1.8 | up to date |
grin_api | ^1.1.0 | 5.3.0 | out of date |
grin_config | ^1.1.0 | 5.3.0 | out of date |
grin_core | ^1.1.0 | 5.3.0 | out of date |
grin_keychain | ^1.1.0 | 5.3.0 | out of date |
grin_p2p | ^1.1.0 | 5.3.0 | out of date |
grin_servers | ^1.1.0 | 5.3.0 | out of date |
grin_util | ^1.1.0 | 5.3.0 | out of date |
humansize | ^1.1.0 | 2.1.3 | out of date |
log | ^0.4 | 0.4.21 | up to date |
pancurses ⚠️ | ^0.16.0 | 0.17.0 | insecure |
serde | ^1 | 1.0.198 | up to date |
serde_json | ^1 | 1.0.116 | up to date |
term | ^0.5 | 0.7.0 | out of date |
(2 total, 2 outdated)
Crate | Required | Latest | Status |
---|---|---|---|
grin_chain | ^1.1.0 | 5.3.0 | out of date |
grin_store | ^1.1.0 | 5.3.0 | out of date |
pancurses: Format string vulnerabilities in `pancurses`

`pancurses::mvprintw` and `pancurses::printw` pass a pointer from a Rust `&str` to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory.
chrono: Potential segfault in `localtime_r` invocations

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

No workarounds are known.