- CVSS Score
- CVSS Details
- Attack vector
- Attack complexity
- Privileges required
- User interaction
- CVSS Vector
Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks.
This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide.
The flaw was corrected by not preallocating memory.
Advisory available under CC0-1.0