RUSTSEC-2022-0030

Stack overflow during recursive expression parsing

Issued
Package
rulex (crates.io)
Type
Vulnerability
Categories
Aliases
Details
https://github.com/rulex-rs/rulex/security/advisories/GHSA-v78m-2q7v-fjqp
Patched
  • >=0.4.3

Description

When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately.

The flaw was corrected in commit 60aa2dc03a by adding a check on recursion depth.
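
The kind of recursion-depth check described above, shown as an added example on a toy grammar of nested parentheses; this is not rulex's parser or the code from the fix commit. The `MAX_DEPTH` value, the `ParseError` type and the function names are assumptions made for this illustration.

```rust
// Added illustration: toy grammar of nested groups, not rulex's syntax or code.
// MAX_DEPTH is an assumed limit chosen for this example.
const MAX_DEPTH: usize = 128;

#[derive(Debug, PartialEq)]
enum ParseError {
    TooDeep,
    Unbalanced,
}

// expr := ( atom | '(' expr ')' )*
// Returns the deepest nesting level reached inside this expression.
fn expr(input: &[u8], pos: &mut usize, depth: usize) -> Result<usize, ParseError> {
    let mut deepest = depth;
    while let Some(&b) = input.get(*pos) {
        match b {
            b'(' => {
                // Refuse before recursing: hostile input yields an error
                // value instead of exhausting the stack and aborting.
                if depth >= MAX_DEPTH {
                    return Err(ParseError::TooDeep);
                }
                *pos += 1;
                deepest = deepest.max(expr(input, pos, depth + 1)?);
                if input.get(*pos) != Some(&b')') {
                    return Err(ParseError::Unbalanced);
                }
                *pos += 1;
            }
            b')' => break,  // the caller consumes the closing parenthesis
            _ => *pos += 1, // any other byte is treated as an atom
        }
    }
    Ok(deepest)
}

fn parse(src: &str) -> Result<usize, ParseError> {
    let mut pos = 0;
    let deepest = expr(src.as_bytes(), &mut pos, 0)?;
    if pos != src.len() {
        return Err(ParseError::Unbalanced); // stray ')' at top level
    }
    Ok(deepest)
}

fn main() {
    // Constructed input: 100,000 levels of nesting.
    let hostile = "(".repeat(100_000) + &")".repeat(100_000);
    println!("{:?}", parse("a(b(c))d"));
    println!("{:?}", parse(&hostile));
}
```

Because the limit is checked before each recursive call, stack use is bounded by `MAX_DEPTH` frames regardless of input length, and the caller receives a recoverable error rather than a process abort.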