HistoryEdit

RUSTSEC-2020-0075

Unexpected panic when decoding tokens

Issued
Package
branca (crates.io)
Type
Vulnerability
Categories
Keywords
#decoding #panic #untrusted-data
Aliases
Details
https://github.com/return/branca/issues/24
CVSS Score
5.5 MEDIUM
CVSS Details
Attack vector
Local
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Patched
  • >=0.10.0
Keywords
#decoding #panic #untrusted-data
Affected Functions
Version
branca::Branca::decode
  • <0.10.0
branca::decode
  • <0.10.0

Description

Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding.

The documentation stated that an error should have been reported instead.