RUSTSEC-2019-0005

Format string vulnerabilities in pancurses

Issued
Package
pancurses (crates.io)
Type
Vulnerability
Aliases
Details
https://github.com/RustSec/advisory-db/issues/106
Patched
no patched versions
Affected Functions     Version
pancurses::mvprintw    >=0
pancurses::printw      >=0

Description

pancurses::mvprintw and pancurses::printw pass a pointer from a Rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory.
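
Because the advisory lists no patched versions, the practical step is to find where a code base calls the two affected functions with text it does not control. The following heuristic audit is an added example, not code from the advisory or from pancurses; the `win` and `name` identifiers and the sample lines are constructed for illustration.

```rust
// Added example (std only): heuristic, line-based audit for calls to the
// functions named in RUSTSEC-2019-0005. Multi-line calls are not followed.
// Dynamic: argument is a variable or expression; LiteralPercent: literal with a '%' outside "%%".
#[derive(Debug, PartialEq)]
pub enum Finding { Dynamic, LiteralPercent }

// Last top-level argument of a call, given the text after its opening '('.
fn last_arg(args: &str) -> &str {
    let (mut depth, mut in_str, mut esc, mut start, mut end) = (0, false, false, 0, args.len());
    for (i, c) in args.char_indices() {
        if in_str {
            if esc { esc = false } else if c == '\\' { esc = true } else if c == '"' { in_str = false }
            continue;
        }
        match c {
            '"' => in_str = true,
            '(' | '[' | '{' => depth += 1,
            ')' | ']' | '}' if depth == 0 => { end = i; break; }
            ')' | ']' | '}' => depth -= 1,
            ',' if depth == 0 => start = i + 1,
            _ => {}
        }
    }
    args[start..end].trim()
}

// (1-based line number, finding) for every risky call in `src`.
pub fn audit(src: &str) -> Vec<(usize, Finding)> {
    let mut out = Vec::new();
    for (n, line) in src.lines().enumerate() {
        for name in [".printw(", ".mvprintw("] {
            if let Some(pos) = line.find(name) {
                let arg = last_arg(&line[pos + name.len()..]);
                if !(arg.len() >= 2 && arg.starts_with('"') && arg.ends_with('"')) {
                    out.push((n + 1, Finding::Dynamic));
                } else if arg.replace("%%", "").contains('%') {
                    out.push((n + 1, Finding::LiteralPercent));
                }
            }
        }
    }
    out
}

// Constructed sample input (hypothetical `win` and `name`).
pub const SAMPLE: &str = r#"win.printw(&name);
win.mvprintw(2, 4, format!("hi {}", name));
win.printw("progress: 50%");
win.printw("progress: 50%%");
win.addstr(&name);"#;
fn main() { for (n, f) in audit(SAMPLE) { println!("line {}: {:?}", n, f); } }
```

A `Dynamic` finding means the text reaching C is not fixed at the call site and needs review; calls such as `addstr`, which take no format string, are not flagged.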
