You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Out of bounds write in serde_cbor
High severity
GitHub Reviewed
Published
Aug 25, 2021
to the GitHub Advisory Database
•
Updated Jun 13, 2023
Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small (< 1 kB) CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags.
Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small (< 1 kB) CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags.
References