rustsec · Shnatsel · Mar 5, 2024 · Mar 5, 2024 · Mar 5, 2024 · Mar 5, 2024
diff --git a/crates/whoami/RUSTSEC-0000-0000.md b/crates/whoami/RUSTSEC-0000-0000.md
@@ -0,0 +1,31 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "whoami"
+date = "2024-02-28"
+url = "https://github.com/ardaku/whoami/issues/91"
+categories = ["denial-of-service", "memory-corruption"]
+keywords = ["buffer-overflow", "stack-buffer-overflow", "cwe-121"]
+
+[affected]
+# Other Unix OSes that aren't any of these may be affected as well:
+# linux, macos, freebsd, dragonfly, bitrig, openbsd, netbsd
+os = ["illumos", "solaris"]
+functions = { "whoami::username" = ["< 1.5.0"] }
+
+[versions]
+patched = [">= 1.5.0"]
+```
+
+# Stack buffer overflow with whoami on illumos and Solaris
+
+With older versions of the whoami crate, calling the `username` function leads to an immediate stack
+buffer overflow on illumos and Solaris. Denial of service and data corruption have both been
+observed in the wild, and the issue is possibly exploitable as well.
+
+This also affects any other Unix platforms that aren't any of: `linux`, `macos`, `freebsd`,
+`dragonfly`, `bitrig`, `openbsd`, `netbsd`.
+
+This issue has been addressed in whoami 1.5.0.
+
+For more information, see [this GitHub issue](https://github.com/ardaku/whoami/issues/91).