GHSA-fmwf-c46w-r8qm: qcp has possible crash/DOS in some build configurations

March 8, 2025

Nature of issue: Crash (Denial of Service) Source of issue: Dependent package (ring) Affected versions of qcp: 0.1.0-0.3.2 Recommendation: Upgrade to qcp 0.3.3 or later

References

github.com/advisories/GHSA-4p46-pwfr-66x6
github.com/advisories/GHSA-fmwf-c46w-r8qm
github.com/briansmith/ring/blob/main/RELEASES.md
github.com/crazyscot/qcp
github.com/crazyscot/qcp/security/advisories/GHSA-fmwf-c46w-r8qm
rustsec.org/advisories/RUSTSEC-2025-0009.html

Detect and mitigate GHSA-fmwf-c46w-r8qm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →