PT-2016-4589 · Rust · Portaudio

Published: 2016-08-01 · Updated: 2021-08-25 · CVE-2016-10933

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

portaudio crate versions prior to 0.7.1

Description

The portaudio crate's build script downloads the portaudio source code over cleartext HTTP. Because the download is neither encrypted nor authenticated, it is exposed to a man-in-the-middle attack: an attacker who can intercept the transfer can replace the original source code with a malicious archive and potentially achieve remote code execution (RCE).

Recommendations

For portaudio crate versions prior to 0.7.1, update to version 0.7.1 or later, which resolves the issue. As a temporary workaround, restrict use of the build script that downloads the portaudio source over HTTP until the fixed version can be adopted, and avoid running it on untrusted networks to reduce the risk of exploitation.
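The defensive pattern the fix corresponds to, shown as an added example rather than the portaudio crate's own build script: a Go helper that refuses any source URL that is not HTTPS and verifies the downloaded archive against a pinned SHA-256 digest before anything is extracted. The URL, digest and size limit are placeholders chosen for this example; the digest in main() is the SHA-256 of the string "abc", not of any portaudio release.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"time"
)

// pinnedSource is what a build script should record for a third-party
// archive: an HTTPS-only URL and the SHA-256 of the exact archive that was
// reviewed. Both values used below are placeholders, not portaudio's real ones.
type pinnedSource struct {
	URL       string
	SHA256Hex string
}

// checkSourceURL rejects any download location that is not HTTPS with a host,
// so a cleartext URL fails the build instead of being fetched silently.
func checkSourceURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("malformed source URL %q: %w", raw, err)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("refusing cleartext download of %q: scheme %q is not https", raw, u.Scheme)
	}
	if u.Host == "" {
		return fmt.Errorf("source URL %q has no host", raw)
	}
	return nil
}

// verifyArchive compares the SHA-256 of the downloaded bytes with the pinned
// digest. Even over HTTPS this is the check that catches a swapped archive
// (a compromised mirror, a changed upstream tarball, a truncated download).
func verifyArchive(data []byte, expectedHex string) error {
	expected, err := hex.DecodeString(expectedHex)
	if err != nil || len(expected) != sha256.Size {
		return fmt.Errorf("pinned digest %q is not a valid SHA-256 hex string", expectedHex)
	}
	sum := sha256.Sum256(data)
	if subtle.ConstantTimeCompare(sum[:], expected) != 1 {
		return fmt.Errorf("archive digest mismatch: got %s, want %s",
			hex.EncodeToString(sum[:]), expectedHex)
	}
	return nil
}

// fetchVerified downloads the archive and returns its bytes only if both
// checks pass; the caller must extract nothing when an error is returned.
func fetchVerified(src pinnedSource, client *http.Client, maxBytes int64) ([]byte, error) {
	if err := checkSourceURL(src.URL); err != nil {
		return nil, err
	}
	resp, err := client.Get(src.URL)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("unexpected HTTP status %s for %s", resp.Status, src.URL)
	}
	// Cap the read so a hostile server cannot exhaust memory with an endless body.
	data, err := io.ReadAll(io.LimitReader(resp.Body, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > maxBytes {
		return nil, errors.New("archive exceeds the configured size limit")
	}
	if err := verifyArchive(data, src.SHA256Hex); err != nil {
		return nil, err
	}
	return data, nil
}

func main() {
	// Placeholder pin: the URL is a reserved test domain and the digest is
	// SHA-256("abc"); a real build script would pin the reviewed tarball.
	src := pinnedSource{
		URL:       "https://example.invalid/pa_stable.tgz",
		SHA256Hex: "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
	}
	client := &http.Client{Timeout: 30 * time.Second}
	if _, err := fetchVerified(src, client, 64<<20); err != nil {
		fmt.Println("build aborted:", err)
	}
}
```

The scheme check runs before any network I/O, so a build configured with an http:// URL fails immediately; the digest check is what makes the download tamper-evident even when TLS is in place, which is why both belong in the build script rather than only one.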

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2016-10933
GHSA-PQ6V-X7GP-7776
RUSTSEC-2016-0003

Affected Products

Portaudio