{"id":"CVE-2021-43620","details":"An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\\0' byte, which might not be the end of the string.","aliases":["GHSA-h352-g5vw-3926","RUSTSEC-2021-0123"],"modified":"2026-04-10T04:40:53.954160Z","published":"2021-11-15T05:15:07.913Z","references":[{"type":"FIX","url":"https://github.com/nvzqz/fruity/issues/14"},{"type":"FIX","url":"https://github.com/rustsec/advisory-db/pull/1102"},{"type":"EVIDENCE","url":"https://rustsec.org/advisories/RUSTSEC-2021-0123.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nvzqz/fruity","events":[{"introduced":"0"},{"last_affected":"335d33559d94b2ad2ac24d0381eb570355a466b1"},{"introduced":"0"},{"last_affected":"c1d067e8ec03e20bb6f52f7c3ab63cadd2a2b261"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.1.0"},{"introduced":"0"},{"last_affected":"0.2.0"}]}}],"versions":["v0.1.0","v0.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43620.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}