RUSTSEC-2024-0020: Vulnerability in whoami

Rust Crates.io Security Advisory



RUSTSEC-2024-0020

Stack buffer overflow with whoami on illumos and Solaris


Reported
Issued

Package: whoami (crates.io)

Type: Vulnerability

Categories:

Keywords: #buffer-overflow, #stack-buffer-overflow, #cwe-121

References:

Patched
  • >=1.5.0

Affected OSes
  • illumos
  • solaris

Affected Functions
  • whoami::username (version <1.5.0)

Description

With older versions of the whoami crate, calling the username function leads to an immediate stack
buffer overflow on illumos and Solaris. Denial of service and data corruption have both been
observed in the wild, and the issue is possibly exploitable as well.

This also affects any other Unix platforms that aren't any of: linux, macos, freebsd,
dragonfly, bitrig, openbsd, netbsd.

This issue has been addressed in whoami 1.5.0.

For more information, see this GitHub issue.
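The practical check a defender wants from this advisory is whether a project's dependency tree pins an affected whoami version. The following is an added example, not code from the RustSec project or the whoami crate: a standard-library-only Rust program that parses a Cargo.lock (the lockfile text below is constructed for the example), finds the whoami entry and compares its version against the advisory's affected range (<1.5.0, patched >=1.5.0). It deliberately does not condition on the build target: like cargo audit, it flags the vulnerable version wherever it appears, because the same lockfile may later be built for illumos, Solaris or another Unix not in the exempt list. Version parsing is reduced to major.minor.patch (pre-release and build suffixes are ignored); that simplification, and the helper names, are assumptions of this example.

```rust
// Added example: lockfile check for RUSTSEC-2024-0020. Not part of the
// advisory or of the whoami crate; uses only the Rust standard library.

const ADVISORY_ID: &str = "RUSTSEC-2024-0020";
const AFFECTED_CRATE: &str = "whoami";
// From the advisory: affected <1.5.0, patched >=1.5.0.
const PATCHED_FROM: (u64, u64, u64) = (1, 5, 0);

/// Parse "major.minor.patch" into a comparable tuple. Pre-release and build
/// suffixes ("-rc.1", "+meta") are dropped; this is a simplification of semver
/// made for the example, not a full implementation.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.trim().split(|c| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let major = parts.next()??;
    let minor = parts.next().unwrap_or(Some(0))?;
    let patch = parts.next().unwrap_or(Some(0))?;
    Some((major, minor, patch))
}

/// Extract (name, version) pairs from the `[[package]]` tables of a Cargo.lock.
/// Only the `name` and `version` keys are read; other keys and array bodies
/// (such as `dependencies = [ ... ]`) are skipped.
fn lock_packages(lock: &str) -> Vec<(String, String)> {
    fn flush(name: &mut Option<String>, ver: &mut Option<String>, out: &mut Vec<(String, String)>) {
        if let (Some(n), Some(v)) = (name.take(), ver.take()) {
            out.push((n, v));
        }
    }
    let mut out = Vec::new();
    let mut name: Option<String> = None;
    let mut version: Option<String> = None;
    for raw in lock.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            flush(&mut name, &mut version, &mut out);
            continue;
        }
        if let Some((k, v)) = line.split_once('=') {
            let v = v.trim().trim_matches('"').to_string();
            match k.trim() {
                "name" => name = Some(v),
                "version" => version = Some(v),
                _ => {}
            }
        }
    }
    flush(&mut name, &mut version, &mut out);
    out
}

/// Some(true) if the version falls in the advisory's affected range,
/// Some(false) if it is patched, None if the version string is unparsable.
fn is_affected(version: &str) -> Option<bool> {
    parse_version(version).map(|v| v < PATCHED_FROM)
}

/// All (crate, version) entries in the lockfile that match the advisory.
fn findings(lock: &str) -> Vec<(String, String)> {
    lock_packages(lock)
        .into_iter()
        .filter(|(n, v)| n == AFFECTED_CRATE && is_affected(v) == Some(true))
        .collect()
}

// Constructed sample lockfile for the example; not a real project's Cargo.lock.
const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "libc"
version = "0.2.153"

[[package]]
name = "whoami"
version = "1.4.1"
dependencies = [
 "libc",
]
"#;

fn main() {
    let hits = findings(SAMPLE_LOCK);
    if hits.is_empty() {
        println!("{}: no affected {} version in lockfile", ADVISORY_ID, AFFECTED_CRATE);
    }
    for (n, v) in hits {
        println!("{}: {} {} is affected; upgrade to >=1.5.0", ADVISORY_ID, n, v);
    }
}
```

Run against a real lockfile by reading the file into a string and passing it to `findings`; an empty result means no whoami version below 1.5.0 is pinned. Unparsable version strings are reported as `None` by `is_affected` rather than silently treated as safe, so a caller can choose to surface them.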

Advisory available under CC0-1.0 license.
