OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-27 06:29:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Create advisory for DoS in Rosenpass <=0.2.0 (#1823)

Browse Source
This commit is contained in:
Morgan Hill
2023-12-21 19:44:13 +01:00
committed by GitHub
parent dc1d79ccc5
commit 20107217b7
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
crates/rosenpass/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,21 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "rosenpass"
date = "2023-11-04"
references = ["https://github.com/rosenpass/rosenpass/commit/93439858d1c44294a7b377f775c4fc897a370bb2"]
categories = ["denial-of-service"]
keywords = ["remote", "single-byte"]
license = "CC0-1.0"
[versions]
patched = [">= 0.2.1"]
```
# Remotely exploitable DoS condition in Rosenpass <=0.2.0
Affected version do this crate did not validate the size of buffers when attempting to decode messages.
This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network.
This flaw was corrected by validating the size of the buffers before attempting to decode the message.