Known vulnerability in dependency 'pnet' v 0.25.0 #2347
Comments
This doesn't really seem to have been fixed yet. (libpnet/libpnet#455)
Good catch, I will file an update to the security advisory database.
Thanks for the report, definitely worth getting a fix in. Good news is that it's only used in hyper's unit tests, so not part of the actual library.
Additionally, it looks like the unit tests do not use any of the code in libpnet which is affected by this vulnerability.
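One way to check that a flagged crate such as pnet 0.25.0 is reached only through dev-dependencies, as an added example (not code from hyper, pnet or cargo-audit): it walks a resolve graph in the shape that `cargo metadata --format-version 1` emits. The sample graph is constructed, and every id and version in it other than pnet 0.25.0 is made up; a non-virtual workspace (non-null `root`) is assumed.

```python
# Constructed sample, trimmed to the fields of `cargo metadata` used below.
# In cargo's output a dependency kind of null (None here) means a normal dependency.
SAMPLE = {
    "packages": [
        {"id": "hyper", "name": "hyper", "version": "0.0.0"},
        {"id": "tokio", "name": "tokio", "version": "0.0.0"},
        {"id": "pnet", "name": "pnet", "version": "0.25.0"},
        {"id": "pnet_datalink", "name": "pnet_datalink", "version": "0.0.0"},
    ],
    "resolve": {
        "root": "hyper",
        "nodes": [
            {"id": "hyper", "deps": [
                {"name": "tokio", "pkg": "tokio", "dep_kinds": [{"kind": None}]},
                {"name": "pnet", "pkg": "pnet", "dep_kinds": [{"kind": "dev"}]},
            ]},
            {"id": "tokio", "deps": []},
            {"id": "pnet", "deps": [
                {"name": "pnet_datalink", "pkg": "pnet_datalink",
                 "dep_kinds": [{"kind": None}]},
            ]},
            {"id": "pnet_datalink", "deps": []},
        ],
    },
}


def closure(meta, follow_dev):
    """Package ids reachable from the root, optionally following dev-only edges."""
    nodes = {n["id"]: n for n in meta["resolve"]["nodes"]}
    seen, stack = set(), [meta["resolve"]["root"]]
    while stack:
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        for dep in nodes[pid]["deps"]:
            # An empty dep_kinds list is treated as a normal dependency.
            kinds = {k["kind"] for k in dep["dep_kinds"]} or {None}
            if follow_dev or kinds - {"dev"}:  # normal or build edge present
                stack.append(dep["pkg"])
    return seen


def classify(meta, crate, version):
    """'shipped' if consumers of the root pull the crate in, 'dev-only' if only tests do."""
    ids = {p["id"] for p in meta["packages"]
           if p["name"] == crate and p["version"] == version}
    if ids & closure(meta, follow_dev=False):
        return "shipped"
    return "dev-only" if ids & closure(meta, follow_dev=True) else "absent"
```

To run it on a real tree, load the output of `cargo metadata --format-version 1` with `json.load` and pass it in place of `SAMPLE`.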
Additionally, only depend on pnet_datalink to reduce compile times. Closes hyperium#2347
Thanks to the quick reply of the pnet devs, the pull request has been merged and the issue fixed in 0.27.2. Thank you too for your quick replies!
…perium#2348) Additionally, only depend on pnet_datalink to reduce compile times. Closes hyperium#2347
I ran cargo audit on the current master and got a match for a known vulnerability in pnet 0.25.0:

ID: RUSTSEC-2019-0037
Package: pnet
Version: 0.25.0
Fixed in: not yet fixed
Title: Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT
Description: Affected versions of this crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault.
Issue: pnet GitHub issue #449