RUSTSEC-2023-0077: Vulnerability in rosenpass

Rust Crates.io Security Advisory



RUSTSEC-2023-0077

Remotely exploitable DoS condition in Rosenpass <=0.2.0


Reported
Issued

Package

rosenpass
(crates.io)

Type

Vulnerability

Categories
Keywords

#remote

#single-byte

References
Patched
  • >=0.2.1

Description

Affected versions of this crate did not validate the size of buffers when attempting to decode messages.

This allows an attacker to trigger a panic by sending a UDP datagram with a 1-byte payload over the network.

This flaw was corrected by validating the size of the buffers before attempting to decode the message.
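
The size check described above, sketched as an added example (not code from the advisory or from rosenpass): an unchecked decoder beside one that validates lengths before indexing. The 4-byte header, the message types and all names are assumptions made for illustration.

```rust
// Added illustration. The 4-byte header and message types are constructed,
// not rosenpass's wire format.
const HEADER_LEN: usize = 4; // 1 type byte + 3 reserved bytes (assumed)

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    BadLength { need: usize, got: usize },
    UnknownType(u8),
}

#[derive(Debug, PartialEq)]
pub struct Envelope<'a> {
    pub msg_type: u8,
    pub payload: &'a [u8],
}

// Exact payload size for each hypothetical message type.
fn payload_len(msg_type: u8) -> Option<usize> {
    match msg_type {
        0x01 => Some(8),
        0x02 => Some(16),
        _ => None,
    }
}

// Unchecked: slices at a fixed offset, so any datagram shorter than
// HEADER_LEN panics on the out-of-range index.
pub fn decode_unchecked(buf: &[u8]) -> Envelope<'_> {
    Envelope { msg_type: buf[0], payload: &buf[HEADER_LEN..] }
}

// Checked: every length is validated before any byte is indexed.
pub fn decode_checked(buf: &[u8]) -> Result<Envelope<'_>, DecodeError> {
    let got = buf.len();
    if got < HEADER_LEN {
        return Err(DecodeError::BadLength { need: HEADER_LEN, got });
    }
    let need = HEADER_LEN + payload_len(buf[0]).ok_or(DecodeError::UnknownType(buf[0]))?;
    if got != need {
        return Err(DecodeError::BadLength { need, got });
    }
    Ok(Envelope { msg_type: buf[0], payload: &buf[HEADER_LEN..] })
}

fn main() {
    let short = [0x01u8]; // constructed 1-byte datagram
    println!("{:?}", decode_checked(&short));
    let ok = [0x01u8, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8]; // constructed, well-formed
    println!("{:?}", decode_unchecked(&ok));
}
```

Returning an error for the short datagram lets the receive loop drop it and keep serving other peers instead of unwinding.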

Advisory available under CC0-1.0 license.
