mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-13 21:18:11 +01:00
17 lines
630 B
TOML
17 lines
630 B
TOML
[advisory]
|
|
id = "RUSTSEC-2019-0025"
|
|
package = "serde_cbor"
|
|
date = "2019-10-03"
|
|
title = "Flaw in CBOR deserializer allows stack overflow"
|
|
description = """
|
|
Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization.
|
|
|
|
This allows an attacker to craft small (< 1 kB) CBOR documents that cause a stack overflow.
|
|
|
|
The flaw was corrected by limiting the allowed number of nested tags.
|
|
"""
|
|
patched_versions = [">= 0.10.2"]
|
|
url = "https://github.com/pyfisch/cbor/releases/tag/v0.10.2"
|
|
categories = ["crypto-failure"]
|
|
keywords = ["stack-overflow", "crash", "denial-of-service"]
|