GoogleOSV:GHSA-5873-6FWQ-463Fstellar-strkey vulnerable to panic in SignedPayload::from_payload
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
17.0%
Impact
Panic vulnerability when a specially crafted payload is used.
This is because of the following calculation:
inner_payload_len + (4 - inner_payload_len % 4) % 4
If inner_payload_len is 0xffffffff, (4 - inner_payload_len % 4) % 4 = 1 so
inner_payload_len + (4 - inner_payload_len % 4) % 4 = u32::MAX + 1
which overflow.
Patches
Check that inner_payload_len is not above 64 which should never be the case.
Patched in version 0.0.8
Workarounds
Sanitize input payload before it is passed to the vulnerable function so that bytes in payload[32..32+4] and parsed as a u32 is not above 64.
References
GitHub issue #58
| CPE | Name | Operator | Version |
|---|---|---|---|
| stellar-strkey | lt | 0.0.8 |
References
github.com/stellar/rs-stellar-strkey
github.com/stellar/rs-stellar-strkey/commit/83adad0f5b1cda693c7ba8524d395add8077865f
github.com/stellar/rs-stellar-strkey/issues/58
github.com/stellar/rs-stellar-strkey/pull/59
github.com/stellar/rs-stellar-strkey/releases/tag/v0.0.8
github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f
nvd.nist.gov/vuln/detail/CVE-2023-46135
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
17.0%