OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-21 02:51:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #188 from pyfisch/patch-1

Browse Source 
Flaw in CBOR deserializer allows stack overflow
This commit is contained in:
Tony Arcieri
2019-10-11 08:39:38 -07:00
committed by GitHub
parent 0b637794de 3afc9e6afc
commit e0a595f0b3
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
crates/serde_cbor/RUSTSEC-0000-0000.toml Normal file
View File

@@ -0,0 +1,16 @@
[advisory]
id = "RUSTSEC-0000-0000"
package = "serde_cbor"
date = "2019-10-03"
title = "Flaw in CBOR deserializer allows stack overflow"
description = """
Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization.
This allows an attacker to craft small (< 1 kB) CBOR documents that cause a stack overflow.
The flaw was corrected by limiting the allowed number of nested tags.
"""
patched_versions = [">= 0.10.2"]
url = "https://github.com/pyfisch/cbor/releases/tag/v0.10.2"
categories = ["crypto-failure"]
keywords = ["stack-overflow", "crash", "denial-of-service"]