RUSTSEC-2018-0001

An integer underflow could lead to panic

Issued
Package
untrusted (crates.io)
Type
Vulnerability
Aliases
Details
https://github.com/briansmith/untrusted/pull/20
Patched
  • >=0.6.2
Keywords
  • crash

Description

A mistake in error handling in untrusted before 0.6.2 could lead to an integer underflow and panic if a user of the crate didn't properly check for errors returned by untrusted.

Combination of these two programming errors (one in untrusted and another by user of this crate) could lead to a panic and maybe a denial of service of affected software.

The error in untrusted is fixed in release 0.6.2 released 2018-06-21. It's also advisable that users of untrusted check for their sources for cases where errors returned by untrusted are not handled correctly.

More