rustsec / advisory-db

Security advisory database for Rust crates published through crates.io
https://rustsec.org

Add advisory for stack buffer overflow with whoami #1911

Closed sunshowers closed 4 months ago

sunshowers commented 4 months ago

See:

Questions:

AldaronLau commented 4 months ago

Would it be important to note that this doesn't affect whoami < 0.5.3 (from 5 years ago)?

This is also a problem on freebsd, dragonfly, bitrig, openbsd, netbsd with whoami >= 0.5.3, < 1.0.1 (not sure if that would count separately from this or not).

AldaronLau commented 4 months ago

Also just noticed this affects not only whoami::username(), but additionally whoami::realname(), whoami::username_os(), and whoami::realname_os().

Shnatsel commented 4 months ago

Yes, that would be useful. We have the unaffected field for that.

sunshowers commented 4 months ago

Thanks. I'll send an update shortly.