CVE-2016-10933

Medium

An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is…

mitre·CWE-254·Published 2019-08-26

CVSS

5.9

EPSS

0.01

KEV

Exploits

cve.orgen

164 chars

An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.

NVDen

164 chars

An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.

The build script in the portaudio crate will attempt to download via HTTP the portaudio source and build it. A Mallory in the middle can intercept the download with their own archive and get RCE.

GHSAen

164 chars

An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.

NVDes

216 chars

Se descubrió un problema en el paquete (crate) portaudio versiones hasta 0.7.0 para Rust. Se presenta un problema de tipo man-in-the-middle porque el código fuente es descargado por medio de HTTP en texto sin cifrar.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	GHSA	5.9	—	—	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N