This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
{"id": "CVE-2021-1000007", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-1000007", "description": "This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.", "published": "2022-02-25T12:35:45", "modified": "2022-02-25T12:35:45", "epss": [], "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "candidate", "references": [], "cvelist": ["CVE-2021-1000007"], "immutableFields": [], "lastseen": "2022-02-25T12:35:45", "viewCount": 8, "enchantments": {"backreferences": {"references": [{"type": "rustsec", "idList": ["RUSTSEC-2021-0041"]}]}, "score": {"value": 7.1, "uncertanity": 1.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "osv", "idList": ["OSV:RUSTSEC-2021-0041"]}, {"type": "rustsec", "idList": ["RUSTSEC-2021-0041"]}]}, "vulnersScore": 7.1}, "_state": {"dependencies": 1698440463, "score": 1698440334, "epss": 0}, "_internal": {"score_hash": "bbda0f8408b4311add55e0412d7c5a3f"}, "cna_cvss": {}, "cpe": [], "cpe23": [], "cwe": [], "affectedSoftware": [], "affectedConfiguration": [], "cpeConfiguration": {}, "extraReferences": [], "product_info": [], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [], "exploits": [], "assigned": "1976-01-01T00:00:00"}
{"osv": [{"lastseen": "2022-05-11T21:35:50", "description": "The `parse_duration::parse` function allows for parsing duration strings with exponents like `5e5s` where under the hood, the [`BigInt` type along with the `pow` function are used for such payloads](https://github.com/zeta12ti/parse_duration/blob/26940ab5cd4e3a9d6bd97aa101f8d4bbfd18ee8c/src/parse.rs#L335). Passing an arbitrarily big exponent makes the `parse_duration::parse` function to process the payload for a very long time taking up CPU and memory.\n\nThis allows an attacker to cause a DoS if the `parse_duration::parse` function is used to process untrusted input.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-18T12:00:00", "type": "osv", "title": "Denial of service through parsing payloads with too big exponent", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1000007", "CVE-2021-29932"], "modified": "2021-10-19T22:14:35", "id": "OSV:RUSTSEC-2021-0041", "href": "https://osv.dev/vulnerability/RUSTSEC-2021-0041", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "rustsec": [{"lastseen": "2023-06-13T15:05:59", "description": "The `parse_duration::parse` function allows for parsing duration strings with exponents like `5e5s` where under the hood, the [`BigInt` type along with the `pow` function are used for such payloads](https://github.com/zeta12ti/parse_duration/blob/26940ab5cd4e3a9d6bd97aa101f8d4bbfd18ee8c/src/parse.rs#L335). Passing an arbitrarily big exponent makes the `parse_duration::parse` function to process the payload for a very long time taking up CPU and memory.\n\nThis allows an attacker to cause a DoS if the `parse_duration::parse` function is used to process untrusted input.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-18T12:00:00", "type": "rustsec", "title": "Denial of service through parsing payloads with too big exponent", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1000007", "CVE-2021-29932"], "modified": "2023-06-13T13:10:24", "id": "RUSTSEC-2021-0041", "href": "https://rustsec.org/advisories/RUSTSEC-2021-0041", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
CVE-2021-1000007
