Описание
Uncontrolled Resource Consumption in simple_asn1
An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-45711
- https://github.com/acw/simple_asn1/issues/27
- https://github.com/acw/simple_asn1/commit/d7d39d709577710e9dc8833ee57d200eef366db8
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/simple_asn1/RUSTSEC-2021-0125.md
- https://rustsec.org/advisories/RUSTSEC-2021-0125.html
Пакеты
Наименование
simple_asn1
rust
Затронутые версииВерсия исправления
= 0.6.0
0.6.1
Связанные уязвимости
CVSS3: 7.5
nvd
около 4 лет назад
An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.