An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\0' byte, which might not be the end of the string.
{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:fruity_project:fruity:0.1.0:*:*:*:*:rust:*:*",
"cpe:2.3:a:fruity_project:fruity:0.2.0:*:*:*:*:rust:*:*"
],
"extracted_events": [
{
"introduced": "0.1.0"
},
{
"last_affected": "0.1.0"
},
{
"introduced": "0.2.0"
},
{
"last_affected": "0.2.0"
}
]
}