cvedb.io
CVE-2021-43620
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-11-15T05:15:07.913 · Last modified 2026-06-17T04:11:12.523

Summary

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\0' byte, which might not be the end of the string.

Affected products

fruity_project — fruity

Does this affect you?

Add your gear to cvedb and we'll alert you only when fruity_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.