When URL parsers disagree (vulnerability in rsvg)

www.canva.dev

cross-posted to:
reverseengineering@zerobytes.monster
rust@programming.dev
hackernews@lemmit.online
hackernews@lemmy.smeargle.fans
hackernews@derp.foo
technews@radiation.party
netsec@lemmy.world

When URL parsers disagree (vulnerability in rsvg)

www.canva.dev

Lemmit.Online bot@lemmit.onlineMB to

The Rust Programming Language@lemmit.onlineEnglish · 1 year ago

cross-posted to:
reverseengineering@zerobytes.monster
rust@programming.dev
hackernews@lemmit.online
hackernews@lemmy.smeargle.fans
hackernews@derp.foo
technews@radiation.party
netsec@lemmy.world

When URL parsers disagree (CVE-2023-38633) - Canva Engineering Blog

www.canva.dev

Discovery and walkthrough of CVE-2023-38633 in librsvg, when two URL parser implementations (Rust and Glib) disagree on file scheme parsing leading to path traversal.

This is an automated archive made by the Lemmit Bot.

The original was posted on /r/rust by /u/dochtman on 2023-09-07 21:20:45.

You must log in or register to comment.

Chat