Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02Z2dyLWN3djQtZzdxZ84AA3_E
Remotely exploitable denial of service in Rosenpass
Affected versions of this crate did not validate the size of buffers when attempting to decode messages.
This allows an attacker to trigger a panic by sending a UDP datagram with a 1-byte payload over the network.
This flaw was corrected by validating the size of the buffers before attempting to decode the message.
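The bug class described above, as an added illustration that is not Rosenpass's own code: a hypothetical wire format (a tag byte followed by a fixed-size body) decoded first by indexing straight into the datagram, which panics on a 1-byte input, and then with the length validated before any byte past the tag is touched. The message layout, tag values and names are constructed for this example.

```rust
// Added example (not from the Rosenpass project): a hypothetical UDP message
// format decoded without and with a buffer-size check.
use std::convert::TryInto;

/// Hypothetical wire message: one tag byte, then a fixed-length body.
#[derive(Debug, PartialEq)]
pub enum Msg {
    Hello { session_id: u32, cookie: [u8; 16] }, // tag 0x81: 1 + 4 + 16 = 21 bytes
    Ping,                                        // tag 0x82: 1 byte
}

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    Empty,
    UnknownTag(u8),
    Truncated { need: usize, got: usize },
}

/// Vulnerable pattern: slice the datagram by the layout the tag implies.
/// A 1-byte datagram carrying tag 0x81 panics at `buf[1..5]` (index out of
/// range); inside a UDP receive loop that is a remotely triggered crash.
pub fn decode_unchecked(buf: &[u8]) -> Msg {
    match buf[0] {
        0x81 => Msg::Hello {
            session_id: u32::from_be_bytes(buf[1..5].try_into().unwrap()),
            cookie: buf[5..21].try_into().unwrap(),
        },
        0x82 => Msg::Ping,
        t => panic!("unknown tag {:#x}", t),
    }
}

/// Hardened pattern: derive the required length from the tag, compare it with
/// the buffer before decoding, and hand malformed input back as an error the
/// caller can log and drop instead of unwinding.
pub fn decode_checked(buf: &[u8]) -> Result<Msg, DecodeError> {
    let tag = *buf.first().ok_or(DecodeError::Empty)?;
    let need = match tag {
        0x81 => 21,
        0x82 => 1,
        t => return Err(DecodeError::UnknownTag(t)),
    };
    if buf.len() != need {
        return Err(DecodeError::Truncated { need, got: buf.len() });
    }
    // Only reached when every slice below is in bounds.
    Ok(match tag {
        0x81 => Msg::Hello {
            session_id: u32::from_be_bytes(buf[1..5].try_into().unwrap()),
            cookie: buf[5..21].try_into().unwrap(),
        },
        _ => Msg::Ping,
    })
}
```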
Permalink: https://github.com/advisories/GHSA-6ggr-cwv4-g7qg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02Z2dyLWN3djQtZzdxZ84AA3_E
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 11 months ago
Updated: 11 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-6ggr-cwv4-g7qg
References:
- https://github.com/rosenpass/rosenpass/commit/93439858d1c44294a7b377f775c4fc897a370bb2
- https://rustsec.org/advisories/RUSTSEC-2023-0077.html
- https://github.com/advisories/GHSA-6ggr-cwv4-g7qg
Blast Radius: 1.0
Affected Packages
cargo:rosenpass
Dependent packages: 0
Dependent repositories: 0
Downloads: 11,995 total
Affected Version Ranges: < 0.2.1
Fixed in: 0.2.1
All affected versions: 0.1.1, 0.2.0
All unaffected versions: 0.2.1, 0.2.2