GHSA-xr7r-88qv-q7hm

Published: Aug 25, 2021
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Out of bounds write in serde_cbor

Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small (< 1 kB) CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags.
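The nesting limit described above can also be enforced as a pre-check before untrusted bytes reach a decoder. The following is an added example, not serde_cbor's own code: `leading_tag_depth`, `TagCheckError` and the sample bytes are hypothetical names and constructed inputs. It covers only the chain of tags wrapping the first data item; tags nested inside arrays or maps need a depth counter inside the decoder itself.

```rust
/// Errors from the pre-check (type and variant names are hypothetical).
#[derive(Debug, PartialEq)]
pub enum TagCheckError {
    TooDeep,   // more than `max_depth` tags wrap the leading item
    Truncated, // input ended inside a tag header or before the tagged item
    Malformed, // additional-information values 28..=31 are not valid for a tag
}

/// Counts the semantic tags (CBOR major type 6) wrapping the first data item.
/// Uses a loop, not recursion, so the check itself uses constant stack space.
pub fn leading_tag_depth(data: &[u8], max_depth: usize) -> Result<usize, TagCheckError> {
    let mut pos = 0usize;
    let mut depth = 0usize;
    loop {
        let first = *data.get(pos).ok_or(TagCheckError::Truncated)?;
        if first >> 5 != 6 {
            return Ok(depth); // reached the item the tags apply to
        }
        // Low 5 bits say how many bytes of tag number follow the initial byte.
        let arg_len: usize = match first & 0x1f {
            0..=23 => 0,
            24 => 1,
            25 => 2,
            26 => 4,
            27 => 8,
            _ => return Err(TagCheckError::Malformed),
        };
        depth += 1;
        if depth > max_depth {
            return Err(TagCheckError::TooDeep); // reject before any decoding
        }
        pos += 1 + arg_len;
    }
}

fn main() {
    // Constructed samples: tag 1 wrapping the integer 0, then a short chain of tag 1.
    let single = [0xc1u8, 0x00];
    let mut chain = vec![0xc1u8; 8];
    chain.push(0x00);
    println!("{:?}", leading_tag_depth(&single, 4));
    println!("{:?}", leading_tag_depth(&chain, 4));
}
```
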

Packages

Name: serde_cbor (rust)
Affected versions: < 0.10.2
Fixed version: 0.10.2

EPSS

Percentile: 55%
0.00328
Low

7.5 High

CVSS3

Weaknesses

CWE-787

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 5 years ago

An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags.

CVSS3: 7.5
nvd
about 5 years ago

An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags.

CVSS3: 7.5
debian
about 5 years ago

An issue was discovered in the serde_cbor crate before 0.10.2 for Rust ...
