rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
e1a39a608578ce903f445978702bac79d09263d3
advisory-db/crates/rosenpass/RUSTSEC-2023-0077.md
Alexis Mousset e1a39a6085 Sync advisories ids from GitHub (#1881)
2024-02-10 10:57:43 -05:00

729 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2023-0077"
package = "rosenpass"
date = "2023-11-04"
references = ["https://github.com/rosenpass/rosenpass/commit/93439858d1c44294a7b377f775c4fc897a370bb2"]
categories = ["denial-of-service"]
keywords = ["remote", "single-byte"]
license = "CC0-1.0"
aliases = ["GHSA-6ggr-cwv4-g7qg"]

[versions]
patched = [">= 0.2.1"]

Remotely exploitable DoS condition in Rosenpass <=0.2.0

Affected version do this crate did not validate the size of buffers when attempting to decode messages.

This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network.

This flaw was corrected by validating the size of the buffers before attempting to decode the message.