
16 matches found

OSSF Malicious Packages
added 2025/01/20 7:34 a.m. · 3 views

Malicious code in borsh-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51f002385b3c94048b1a161d8afd15fab61c24c5e54a4a23d9020a22313bd3f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 3
OSV
added 2025/01/20 7:34 a.m. · 4 views

MAL-2025-168 Malicious code in borsh-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51f002385b3c94048b1a161d8afd15fab61c24c5e54a4a23d9020a22313bd3f3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 · References: 3
Github Security Blog
added 2024/12/04 6:29 p.m. · 17 views

Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicity checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

AI score: 7.1
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/12/04 6:29 p.m. · 8 views

GHSA-WWQ9-3CPR-MM53 Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicity checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

CVSS: 9.3 · AI score: 7.1
Exploits: 0 · References: 4
OSV
added 2024/10/11 12:00 p.m. · 3 views

RUSTSEC-2024-0402 Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicity checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

AI score: 7.1
Exploits: 0 · References: 3
RustSec
added 2024/10/11 12:00 p.m. · 2 views

Borsh serialization of HashMap is non-canonical

The borsh serialization of the HashMap did not follow the borsh specification. It potentially produced non-canonical encodings dependent on insertion order. It also did not perform canonicity checks on decoding. This can result in consensus splits and cause equivalent objects to be considered...

AI score: 7.1
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2024/10/11 12:00 a.m. · 4 views

PT-2024-40947 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.15.1 Description: The issue concerns the borsh serialization of the HashMap, which did not adhere to the borsh specification. This led to potential non-canonical encodings that depended on the insertion order, an...

AI score: 7.2
Exploits: 0 · References: 4
Github Security Blog
added 2023/04/17 4:32 p.m. · 14 views

Parsing borsh messages with ZST which are not-copy/clone is unsound

Affected versions of borsh cause undefined behavior when zero-sized types (ZSTs) are parsed and the Copy/Clone traits are not implemented/derived. For instance, if 1000 instances of a ZST are deserialized, and the ZST is not Copy (this can be achieved through a singleton), then accessing/writing to...

AI score: 6.5
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/04/17 4:32 p.m. · 19 views

GHSA-FJX5-QPF4-XJF2 Parsing borsh messages with ZST which are not-copy/clone is unsound

Affected versions of borsh cause undefined behavior when zero-sized types (ZSTs) are parsed and the Copy/Clone traits are not implemented/derived. For instance, if 1000 instances of a ZST are deserialized, and the ZST is not Copy (this can be achieved through a singleton), then accessing/writing to...

AI score: 6.9
Exploits: 0 · References: 3
vulnersOsv
added 2023/04/12 12:00 p.m. · 4 views

borsh-schema-writer (=0.1.0), borsh-serde-adapter (=0.1.0) +7 more potentially affected by unknown CVE via borsh (>=0.10.2 <=0.10.3)

borsh CARGO version =0.10.2, =0.4.2, =0.4.1, =0.4.3 - pchain-world-state =0.4.2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0033...

AI score: 5.8
Exploits: 0
RustSec
added 2023/04/12 12:00 p.m. · 21 views

Parsing borsh messages with ZST which are not-copy/clone is unsound

Affected versions of borsh cause undefined behavior when zero-sized types (ZSTs) are parsed and the Copy/Clone traits are not implemented/derived. For instance, if 1000 instances of a ZST are deserialized, and the ZST is not Copy (this can be achieved through a singleton), then accessing/writing to...

AI score: 6.5
Exploits: 0 · Affected Software: 1
OSV
added 2023/04/12 12:00 p.m. · 0 views

RUSTSEC-2023-0033 Parsing borsh messages with ZST which are not-copy/clone is unsound

Affected versions of borsh cause undefined behavior when zero-sized types (ZSTs) are parsed and the Copy/Clone traits are not implemented/derived. For instance, if 1000 instances of a ZST are deserialized, and the ZST is not Copy (this can be achieved through a singleton), then accessing/writing to...

AI score: 5.8
Exploits: 0 · References: 4
vulnersOsv
added 2023/04/12 12:00 p.m. · 2 views

LicenseStore (=0.1.0), NT-anchor-lang (=0.19.0) +942 more potentially affected by unknown CVE via borsh (>=0.2.10 <=0.9.3)

borsh CARGO version =0.2.10, =0.19.0, =0.4.1, =0.1.0, =0.1.0, =1.0.5, =0.0.1, =0.0.1, =0.0.0-alpha, =0.0.1, =0.0.1-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0033...

AI score: 5.8
Exploits: 0
CVE
added 2022/09/02 12:15 p.m. · 63 views

CVE-2022-36078

CVE-2022-36078 affects github.com/gagliardetto/binary. The memory-allocation vulnerability arises when decoding data into slices (e.g., via dec.Decode(&val)) where the slice length is read from input without proper bounds checks, enabling excessive memory allocation and potential DoS. The advisor...

CVSS: 8.8 · AI score: 8 · EPSS: 0.00584
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2022/09/02 12:15 p.m. · 12 views

CVE-2022-36078 Slice Memory Allocation with Excessive Size Value in binary

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...

CVSS: 8.8 · AI score: 8.3 · EPSS: 0.00584
Exploits: 1 · References: 3
OSV
added 2022/09/02 12:15 p.m. · 17 views

CVE-2022-36078 Slice Memory Allocation with Excessive Size Value in binary

Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with arbitrary excessive size value, which can either exhaust available memory or crash the whole program. When using...

CVSS: 8.8 · AI score: 7.8 · EPSS: 0.00584
Exploits: 1 · References: 5