- CVSS Score
- CVSS Details
- Attack vector
- Attack complexity
- Privileges required
- User interaction
- CVSS Vector
Affected versions of this crate suffered from an integer overflow bug when
calculating the size of a buffer to use when encoding base64 using the
encode_config functions. If the input string
was large, this would cause a buffer to be allocated that was too small.
Since this function writes to the buffer using unsafe code, it would
allow an attacker to write beyond the buffer, causing memory corruption
and possibly the execution of arbitrary code.
This flaw was corrected by using checked arithmetic to calculate
the size of the buffer.