- Reported
-
- Issued
-
- Package
-
multihash
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#parsing
#panic
#untrusted-data
- Aliases
-
- Details
-
https://github.com/multiformats/rust-multihash/pull/72
- CVSS Score
- 7.5
HIGH
- CVSS Details
-
- Attack vector
- Network
- Attack complexity
- Low
- Privileges required
- None
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- None
- Availability
- High
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Patched
-
- Affected Functions
- Version
multihash::digests::MultihashGeneric::from_bytes
-
multihash::digests::MultihashRefGeneric::from_slice
-
Description
In versions prior 0.11.3 it's possible to make from_slice
panic by feeding it certain malformed input.
It's never documented that from_slice
(and from_bytes
which wraps it) can panic, and its' return type (Result<Self, DecodeError>
) suggests otherwise.
In practice, from_slice
/from_bytes
is frequently used in networking code (for example in rust-libp2p) and is being called with unsanitized data from untrusted sources.
This can allow attackers to cause DoS by causing an unexpected panic
in the network client's code.