3 matches found
CVE-2023-6245 Infinite decoding loop through specially crafted payload
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
CVE-2023-6245 Infinite decoding loop through specially crafted payload
The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...
CVE-2023-6245
The CVE-2023-6245 issue affects the Candid library used by Rust candid decoder. A specially crafted payload exploiting the data type empty can cause an infinite decoding loop, effectively triggering a Denial of Service as decoding runs until the execution round instruction limit is reached. Motok...