CVE-2023-46135

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

EPSS Низкий

Описание

rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.inner_payload_len should not above 64. This vulnerability has been patched in version 0.0.8.

Ссылки

https://github.com/stellar/rs-stellar-strkey/issues/58
Exploit
Issue Tracking
https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f
Exploit
Vendor Advisory
https://github.com/stellar/rs-stellar-strkey/issues/58
Exploit
Issue Tracking
https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:stellar:rs-stellar-strkey:*:*:*:*:*:rust:*:*

Версия до 0.0.8 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-248

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5873-6fwq-463f

CVSS3: 5.3

github

больше 2 лет назад

stellar-strkey vulnerable to panic in SignedPayload::from_payload

EPSS

Процентиль: 38%

0.00168

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-248

NVD-CWE-noinfo