Candid infinite decoding loop through specially crafted payload

Impact The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The proble...

GHSA-7787-P7X6-FQ3J Candid infinite decoding loop through specially crafted payload

Impact The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The proble...

CVE-2023-6245

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...

CVE-2023-6245

The CVE-2023-6245 issue affects the Candid library used by Rust candid decoder. A specially crafted payload exploiting the data type empty can cause an infinite decoding loop, effectively triggering a Denial of Service as decoding runs until the execution round instruction limit is reached. Motok...

CVE-2023-6245 Infinite decoding loop through specially crafted payload

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...

CVE-2023-6245 Infinite decoding loop through specially crafted payload

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is record ; empty and the canister interface expects record then the Rust candid decoder treats empty as an extra field required by the type. The problem wit...

RUSTSEC-2023-0073 Infinite decoding loop through specially crafted payload

The Candid library causes a Denial of Service while parsing a specially crafted payload with empty data type. For example, if the payload is record ; empty and the canister interface expects record then the rust candid decoder treats empty as an extra field required by the type. The problem with...

Kaspersky AntiVirus - UPX Parsing Memory Corruption

Kaspersky AntiVirus - UPX Parsing Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=527 While fuzzing UPX packed files, this crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for...

PNG Image Metadata Found Leveraging iFrame Injections

Researchers have discovered a relatively new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections. The technique makes it highly unlikely a virus scanner would catch it because the injection method is so deeply...