{"id":"RUSTSEC-2016-0003","summary":"HTTP download and execution allows MitM RCE","details":"The build script in the portaudio crate will attempt to download via HTTP\nthe portaudio source and build it.\n\nA Mallory in the middle can intercept the download with their own archive\nand get RCE.","aliases":["CVE-2016-10933","GHSA-pq6v-x7gp-7776"],"modified":"2023-11-08T03:58:21.697594Z","published":"2016-08-01T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/portaudio"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2016-0003.html"},{"type":"REPORT","url":"https://github.com/RustAudio/rust-portaudio/issues/144"}],"affected":[{"package":{"name":"portaudio","ecosystem":"crates.io","purl":"pkg:cargo/portaudio"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"functions":[],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"categories":[],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2016-0003.json","cvss":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","informational":null}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}