pancurses::mvprintw
and pancurses::printw
passes a pointer from a rust &str
to C,
allowing hostile input to execute a format string attack, which trivially allows writing
arbitrary data to stack memory.
ratch 0.3.1
This project contains known security vulnerabilities. Find detailed information at the bottom.
ratch
(4 total, 4 outdated, 1 insecure)
Crate | Required | Latest | Status |
---|---|---|---|
clap | ^2.23.0 | 4.5.4 | out of date |
duct | ^0.11.1 | 0.13.7 | out of date |
os_pipe | ^0.8.0 | 1.1.5 | out of date |
pancurses ⚠️ | ^0.16.0 | 0.17.0 | insecure |
pancurses
: Format string vulnerabilities in `pancurses`pancurses::mvprintw
and pancurses::printw
passes a pointer from a rust &str
to C,
allowing hostile input to execute a format string attack, which trivially allows writing
arbitrary data to stack memory.