CVE-2016-10933: Source code is downloaded over cleartext HTTP in portaudio

August 25, 2021

An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.

References

github.com/RustAudio/rust-portaudio
github.com/RustAudio/rust-portaudio/issues/144
github.com/advisories/GHSA-pq6v-x7gp-7776
nvd.nist.gov/vuln/detail/CVE-2016-10933
rustsec.org/advisories/RUSTSEC-2016-0003.html

Detect and mitigate CVE-2016-10933 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →