Описание
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\0' byte, which might not be the end of the string.
Ссылки
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:fruity_project:fruity:0.1.0:*:*:*:*:rust:*:*
cpe:2.3:a:fruity_project:fruity:0.2.0:*:*:*:*:rust:*:*
EPSS
Процентиль: 54%
0.00307
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
EPSS
Процентиль: 54%
0.00307
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-Other