- Reported
-
- Issued
-
- Package
- rulex (crates.io)
- Type
- Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
Description
When parsing untrusted rulex expressions, the stack may overflow, possibly
enabling a Denial of Service attack. This happens when parsing an expression
with several hundred levels of nesting, causing the process to abort
immediately.

The flaw was corrected in commits 60aa2dc03a by adding a check on recursion depth.
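
The kind of recursion-depth check described above, shown on a toy recursive-descent parser. This is an added example, not rulex's own code: the grammar, the `Parser` type, `parse`, `ParseError` and the `MAX_DEPTH` value are all assumptions made for illustration.

```rust
// Hypothetical limit; the value rulex uses is not stated in this advisory.
const MAX_DEPTH: usize = 128;

#[derive(Debug, PartialEq)]
enum ParseError { TooDeep, Unbalanced }

// Toy grammar (an assumption): expr := ( '(' expr ')' | any other byte )*
struct Parser<'a> { bytes: &'a [u8], pos: usize }

impl<'a> Parser<'a> {
    // Returns the deepest nesting level seen below (and including) `depth`.
    fn parse_expr(&mut self, depth: usize) -> Result<usize, ParseError> {
        // The guard: return an error long before the call stack is exhausted.
        if depth > MAX_DEPTH {
            return Err(ParseError::TooDeep);
        }
        let mut deepest = depth;
        while let Some(&b) = self.bytes.get(self.pos) {
            match b {
                b'(' => {
                    self.pos += 1;
                    deepest = deepest.max(self.parse_expr(depth + 1)?);
                    if self.bytes.get(self.pos) != Some(&b')') {
                        return Err(ParseError::Unbalanced);
                    }
                    self.pos += 1;
                }
                b')' => break, // the caller consumes the closing paren
                _ => self.pos += 1,
            }
        }
        Ok(deepest)
    }
}

fn parse(input: &str) -> Result<usize, ParseError> {
    let mut p = Parser { bytes: input.as_bytes(), pos: 0 };
    let deepest = p.parse_expr(0)?;
    // A ')' left over at top level means the input was unbalanced.
    if p.pos != input.len() {
        return Err(ParseError::Unbalanced);
    }
    Ok(deepest)
}

fn main() {
    let hostile = "(".repeat(100_000); // constructed input
    println!("{:?}", parse(&hostile)); // an error value, not a process abort
}
```

Without the guard, each `(` adds one stack frame, so the constructed input would exhaust the stack and abort the process instead of returning an error the caller can handle.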

Advisory available under CC0-1.0 license.