Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rustsecRustsecRUSTSEC-2018-0006
HistorySep 17, 2018 - 12:00 p.m.

Uncontrolled recursion leads to abort in deserialization

2018-09-1712:00:00
rustsec.org
7

EPSS

0.001

Percentile

44.0%

JSON

Affected versions of this crate did not prevent deep recursion while
deserializing data structures.

This allows an attacker to make a YAML file with deeply nested structures
that causes an abort while deserializing it.

The flaw was corrected by checking the recursion depth.

Note: clap 2.33 is not affected by this because it uses yaml-rust
in a way that doesn’t trigger the vulnerability. More specifically:

  1. The input to the YAML parser is always trusted - is included at compile
    time via include_str!.

  2. The nesting level is never deep enough to trigger the overflow in practice
    (at most 5).

Related

osv 3
github 1
debiancve 1
nvd 1
ubuntucve 1
cvelist 1
prion 1
cve 1
osv
osv
CVE-2018-20993
2019-08-26 13:15:11
Uncontrolled recursion leads to abort in deserialization
2018-09-17 12:00:00
Uncontrolled recursion in rust-yaml
2021-08-25 20:43:13
github
github
Uncontrolled recursion in rust-yaml
2021-08-25 20:43:13
debiancve
debiancve
CVE-2018-20993
2019-08-26 13:15:11
nvd
nvd
CVE-2018-20993
2019-08-26 13:15:11
ubuntucve
ubuntucve
CVE-2018-20993
2019-08-26 00:00:00
cvelist
cvelist
CVE-2018-20993
2019-08-26 12:32:43
prion
prion
Deserialization of untrusted data
2019-08-26 13:15:00
cve
cve
CVE-2018-20993
2019-08-26 13:15:11

EPSS

0.001

Percentile

44.0%

JSON
Related for RUSTSEC-2018-0006
osv3github1debiancve1nvd1ubuntucve1cvelist1prion1cve1