RUSTSEC-2016-0003

HTTP download and execution allows MitM RCE

Issued
Package
portaudio (crates.io)
Type
Vulnerability
Aliases
Details
https://github.com/RustAudio/rust-portaudio/issues/144
Patched
no patched versions
Keywords
  • ssl
  • mitm

Description

The build script in the portaudio crate attempts to download the portaudio source over plain HTTP and then build it.

A Mallory in the middle (MitM) can intercept the download, substitute their own archive, and gain remote code execution (RCE) when it is built.
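
One way to look for the same pattern in the build scripts of other dependencies, as an added example that is not part of the advisory or of the portaudio crate: a heuristic scan of `build.rs` source for `http://` and `ftp://` URLs. The names `Finding`, `audit_build_script` and `SAMPLE` are hypothetical, and the sample script is constructed.

```rust
// Added example: heuristic audit of build-script source for plaintext fetch URLs.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub line: usize, // 1-based line number in the script
    pub url: String, // URL fetched without transport integrity
}

/// Schemes whose traffic a network attacker can modify in transit.
const INSECURE_SCHEMES: [&str; 2] = ["http://", "ftp://"];

/// Drop a trailing `//` comment without cutting at the `//` of a URL scheme.
fn strip_line_comment(line: &str) -> &str {
    for (i, _) in line.match_indices("//") {
        if i == 0 || line.as_bytes()[i - 1] != b':' {
            return &line[..i];
        }
    }
    line
}

pub fn audit_build_script(src: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (idx, raw) in src.lines().enumerate() {
        let code = strip_line_comment(raw);
        for scheme in INSECURE_SCHEMES.iter() {
            for (pos, _) in code.match_indices(*scheme) {
                // Skip longer schemes that only end in ours, e.g. `sftp://`.
                let prev = code[..pos].chars().next_back();
                if prev.map_or(false, |c| c.is_ascii_alphanumeric()) { continue; }
                let url: String = code[pos..].chars()
                    .take_while(|c| !c.is_whitespace() && !"\"'),>".contains(*c)).collect();
                findings.push(Finding { line: idx + 1, url });
            }
        }
    }
    findings
}

// Constructed sample; this is not the portaudio crate's actual build script.
const SAMPLE: &str = r#"fn main() {
    // old mirror: http://mirror.example/old.tgz
    let url = "http://downloads.example/pa_stable.tgz"; // fetched at build time
    let docs = "https://docs.example/readme";
    let alt = "sftp://files.example/pa.tgz";
}"#;

fn main() {
    for f in audit_build_script(SAMPLE) {
        println!("line {}: plaintext fetch of {}", f.line, f.url);
    }
}
```

The scan only sees literal URLs; a URL assembled at run time or fetched by a helper crate still needs manual review.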
