An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZ3YtZzc5Mi13aDZ4

High

EPSS: 0.00389% (0.58839 Percentile)

Uncontrolled Resource Consumption in parse_duration

Affected Package: cargo:parse_duration
Affected Versions: <= 2.1.1
Fixed Versions: No known fixed version
45 Dependent packages
109 Dependent repositories
2,119,390 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 2.0.0, 2.0.1, 2.1.0, 2.1.1

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.
