RUSTSEC-2016-0003

HTTP download and execution allows MitM RCE

Issued
Package
portaudio (crates.io)
Type
Vulnerability
Aliases
Details
https://github.com/RustAudio/rust-portaudio/issues/144
CVSS
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Patched
no patched versions
Keywords
  • ssl
  • mitm

Description

The build script in the portaudio crate attempts to download the portaudio source over plain HTTP and then build it.

A Mallory in the middle (MitM) can intercept the download, substitute their own archive, and get remote code execution (RCE).
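
One way to audit build scripts in a dependency tree for this pattern, as an added example that is not code from the portaudio crate or from RustSec: the function below reports non-loopback `http://` URLs that appear in string literals of a build script. `SAMPLE_BUILD_RS`, its host names, and the function names are constructed for illustration.

```rust
// Added example. SAMPLE_BUILD_RS is constructed; it is not the portaudio crate's build.rs.
pub const SAMPLE_BUILD_RS: &str = r#"
fn main() {
    // old mirror: http://mirror.example/old.tgz
    let url = "http://downloads.example/src/lib_v1.tgz"; // fetched, then compiled
    let docs = "https://docs.example/readme";
    let dev = "http://localhost:8000/lib.tgz";
}
"#;

/// Part of `line` before a `//` comment; `//` inside a string literal is kept (heuristic).
fn strip_line_comment(line: &str) -> &str {
    let bytes = line.as_bytes();
    let (mut in_str, mut i) = (false, 0);
    while i < bytes.len() {
        match bytes[i] {
            b'\\' if in_str => i += 1, // skip the escaped character
            b'"' => in_str = !in_str,
            b'/' if !in_str && bytes.get(i + 1) == Some(&b'/') => return &line[..i],
            _ => {}
        }
        i += 1;
    }
    line
}

/// Every non-loopback `http://` URL outside line comments, as (1-based line, URL).
pub fn find_cleartext_urls(source: &str) -> Vec<(usize, String)> {
    let mut findings = Vec::new();
    for (idx, raw) in source.lines().enumerate() {
        let mut rest = strip_line_comment(raw);
        while let Some(pos) = rest.find("http://") {
            let tail = &rest[pos..];
            let end = tail.find(|c: char| c == '"' || c.is_whitespace()).unwrap_or(tail.len());
            let url = &tail[..end];
            // Host is the text between the scheme and the first '/' or ':'.
            let host = url["http://".len()..].split(|c: char| c == '/' || c == ':').next().unwrap_or("");
            if !host.is_empty() && host != "localhost" && host != "127.0.0.1" {
                findings.push((idx + 1, url.to_string()));
            }
            rest = &tail[end..];
        }
    }
    findings
}

fn main() {
    for (n, url) in find_cleartext_urls(SAMPLE_BUILD_RS) { println!("line {}: {}", n, url); }
}
```

A finding means only that the script names a cleartext URL; whether the fetched content is then built or executed still needs a manual read of the script.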
