Published: 15 Aug 2024
Source: GitHub
GitHub: Reviewed
CVSS4: 6.9
CVSS3: 5.3
Description
Stack overflow when parsing specially crafted JSON ABI strings
Affected versions of the alloy-json-abi crate did not properly handle parsing of malformed JSON ABI strings. The JsonAbi::parse method can be tricked into a stack overflow when processing specially crafted input.
This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.
The flaw was corrected in commit 4790c47.
Packages
Name: alloy-json-abi (rust)
Affected versions: <= 0.7.7
Fixed version: None
CVSS4: 6.9 Medium
CVSS3: 5.3 Medium
Weaknesses: CWE-400