OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 00:03:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Flaw in CBOR deserializer allows stack overflow

Browse Source
This commit is contained in:
pyfisch
2019-10-10 11:43:01 +02:00
committed by GitHub
parent 0b637794de
commit 3afc9e6afc
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
crates/serde_cbor/RUSTSEC-0000-0000.toml Normal file
View File

@@ -0,0 +1,16 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "serde_cbor"
date = "2019-10-03"
title = "Flaw in CBOR deserializer allows stack overflow"
description = """
Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization.
This allows an attacker to craft small (< 1 kB) CBOR documents that cause a stack overflow.
The flaw was corrected by limiting the allowed number of nested tags.
"""
patched_versions = [">= 0.10.2"]
url = "https://github.com/pyfisch/cbor/releases/tag/v0.10.2"
categories = ["crypto-failure"]
keywords = ["stack-overflow", "crash", "denial-of-service"]