13 matches found
EUVD-2021-1940
Malware in sbrugna...
Out of bounds write in serde_cbor
Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small 1 kB CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags...
GHSA-XR7R-88QV-Q7HM Out of bounds write in serde_cbor
Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small 1 kB CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags...
RUSTSEC-2021-0127 serde_cbor is unmaintained
The serde_cbor crate is unmaintained. The author has archived the GitHub repository. Alternatives proposed by the author: ciborium, minicbor...
serde_cbor is unmaintained
The serde_cbor crate is unmaintained. The author has archived the GitHub repository. Alternatives proposed by the author: ciborium, minicbor...
Rust buffer overflow vulnerability (CNVD-2021-37531)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in Rust serde_cbor crate versions prior to 0.10.2, which stems from the fact that the CBOR deserializer may cause stack consumption via nested semantic tags. No detailed...
CVE-2019-25001
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
CVE-2019-25001
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
Code injection
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
CVE-2019-25001
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
UBUNTU-CVE-2019-25001
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
CVE-2019-25001
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags...
CVE-2019-25001
CVE-2019-25001 affects the Rust crate serde_cbor prior to 0.10.2. The CBOR deserializer can cause stack consumption when processing nested semantic tags, enabling potential resource exhaustion. The issue is confined to the crate’s deserialization path; affected versions are those before 0.10.2. R...