OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-08 12:37:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #113 from KizzyCode/master

Browse Source 
Filing issue for `asn1_der`
This commit is contained in:
Tony Arcieri
2019-06-24 09:46:17 -07:00
committed by GitHub
parent 4d8795f676 67edcf34e4
commit c1a4315346
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
crates/asn1_der/RUSTSEC-0000-0000.toml Normal file
View File

@@ -0,0 +1,22 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "asn1_der"
date = "2019-06-13"
title = "Processing of maliciously crafted length fields causes memory allocation SIGABRTs"
description = """
Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks.
This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide.
The flaw was corrected by not preallocating memory.
"""
patched_versions = [">= 0.6.2"]
url = "https://github.com/KizzyCode/asn1_der/issues/1"
keywords = ["dos"]