Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-6ggr-cwv4-g7qg: Remotely exploitable denial of service in Rosenpass

Affected versions of this crate did not validate the size of buffers when attempting to decode messages.

This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network.

This flaw was corrected by validating the size of the buffers before attempting to decode the message.

ghsa
#vulnerability#dos#git

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-6ggr-cwv4-g7qg

Remotely exploitable denial of service in Rosenpass

High severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 21, 2023

Package

cargo rosenpass (Rust)

Affected versions

< 0.2.1

Description

Affected versions of this crate did not validate the size of buffers when attempting to decode messages.

This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network.

This flaw was corrected by validating the size of the buffers before attempting to decode the message.

References

  • rosenpass/rosenpass@9343985
  • https://rustsec.org/advisories/RUSTSEC-2023-0077.html

Published to the GitHub Advisory Database

Dec 21, 2023

Last updated

Dec 21, 2023

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection