Описание
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rust-idna | fixed | 1.0.3-1 | experimental | package |
| rust-idna | fixed | 1.0.3-2 | package | |
| rust-idna | no-dsa | bookworm | package | |
| rust-idna | postponed | bullseye | package |
Примечания
https://rustsec.org/advisories/RUSTSEC-2024-0421.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1887898
Связанные уязвимости
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
