CVSS3: 7.5 High

- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.0005 Low (Percentile: 17.0%)

Panic vulnerability when a specially crafted payload is used.
This is because of the following calculation: `inner_payload_len + (4 - inner_payload_len % 4) % 4`. If `inner_payload_len` is `0xffffffff`, then `(4 - inner_payload_len % 4) % 4 = 1`, so `inner_payload_len + (4 - inner_payload_len % 4) % 4 = u32::MAX + 1`, which overflows.

Check that `inner_payload_len` is not above 64, which should never be the case.
Patched in version 0.0.8

Sanitize the input payload before it is passed to the vulnerable function, so that the bytes in `payload[32..32+4]`, parsed as a `u32`, are not above 64.
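
The overflow and the workaround described above, as an added Rust example (not code from the stellar-strkey crate). The names `padded_len_checked`, `sanitize_signed_payload` and `sample_payload` are hypothetical, and the big-endian byte order of the length field is an assumption, since the advisory only says the bytes are parsed as a `u32`.

```rust
/// Upper bound on the inner payload length stated in the advisory.
const MAX_INNER_PAYLOAD_LEN: u32 = 64;

/// The advisory's padding calculation, written with checked arithmetic so the
/// overflow shows up as `None` rather than as a panic on a plain `+`.
fn padded_len_checked(inner_payload_len: u32) -> Option<u32> {
    let padding = (4 - inner_payload_len % 4) % 4;
    inner_payload_len.checked_add(padding)
}

/// Workaround from the advisory: read payload[32..32+4] as a u32 and reject
/// anything above 64 before the payload reaches the vulnerable function.
fn sanitize_signed_payload(payload: &[u8]) -> Result<u32, &'static str> {
    let b = payload
        .get(32..32 + 4)
        .ok_or("payload too short to hold the length field")?;
    // Assumption: the length field is big-endian.
    let inner_payload_len = u32::from_be_bytes([b[0], b[1], b[2], b[3]]);
    if inner_payload_len > MAX_INNER_PAYLOAD_LEN {
        return Err("inner_payload_len is above 64");
    }
    Ok(inner_payload_len)
}

/// Constructed sample input: 32 zero bytes followed by the given length field.
fn sample_payload(len_field: u32) -> Vec<u8> {
    let mut payload = vec![0u8; 32];
    payload.extend_from_slice(&len_field.to_be_bytes());
    payload
}

fn main() {
    // 0xffffffff % 4 == 3, so the padding is 1 and the sum is u32::MAX + 1.
    println!("padded(0xffffffff) = {:?}", padded_len_checked(0xffff_ffff));
    println!("padded(61)         = {:?}", padded_len_checked(61));

    for len_field in [64u32, 65, 0xffff_ffff].iter() {
        let verdict = sanitize_signed_payload(&sample_payload(*len_field));
        println!("len field {:#x}: {:?}", len_field, verdict);
    }
}
```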
GitHub issue #58
CPE

| Name | Operator | Version |
|---|---|---|
| stellar-strkey | lt | 0.0.8 |

github.com/stellar/rs-stellar-strkey
github.com/stellar/rs-stellar-strkey/commit/83adad0f5b1cda693c7ba8524d395add8077865f
github.com/stellar/rs-stellar-strkey/issues/58
github.com/stellar/rs-stellar-strkey/pull/59
github.com/stellar/rs-stellar-strkey/releases/tag/v0.0.8
github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f
nvd.nist.gov/vuln/detail/CVE-2023-46135