- Reported
- Issued
- Package: rosenpass (crates.io)
- Type: Vulnerability
- Categories
- Keywords: #remote, #single-byte
- Aliases
- References
- Patched
Description
Affected versions of this crate did not validate the size of buffers when attempting to decode messages.
This allows an attacker to trigger a panic by sending a UDP datagram with a 1-byte payload over the network.
This flaw was corrected by validating the size of the buffers before attempting to decode the message.
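
The bug class and its fix, as an added example that is not taken from the rosenpass code base: an unchecked decoder that panics on a 1-byte datagram, next to one that validates the buffer size first. The 4-byte header, the message types and their lengths, and all function names are hypothetical stand-ins for the real wire format.

```rust
// Hypothetical layout (assumption): 1 type byte, 3 reserved bytes, fixed-size payload.
const HEADER_LEN: usize = 4;

#[allow(dead_code)]
#[derive(Debug, PartialEq)]
enum DecodeError {
    TooShort { got: usize, need: usize },
    UnknownType(u8),
    WrongLength { got: usize, expected: usize },
}

/// Expected total datagram length for each (hypothetical) message type.
fn expected_len(msg_type: u8) -> Option<usize> {
    match msg_type {
        0x01 => Some(HEADER_LEN + 32),
        0x02 => Some(HEADER_LEN + 16),
        _ => None,
    }
}

/// Unvalidated pattern: slices the buffer without checking its size.
/// With a 1-byte datagram, `buf[HEADER_LEN..]` panics (range start out of bounds).
#[allow(dead_code)]
fn decode_unchecked(buf: &[u8]) -> (u8, &[u8]) {
    (buf[0], &buf[HEADER_LEN..])
}

/// Validated pattern: check the size before decoding and return an error, never panic.
fn decode_checked(buf: &[u8]) -> Result<(u8, &[u8]), DecodeError> {
    if buf.len() < HEADER_LEN {
        return Err(DecodeError::TooShort { got: buf.len(), need: HEADER_LEN });
    }
    let msg_type = buf[0];
    let expected = expected_len(msg_type).ok_or(DecodeError::UnknownType(msg_type))?;
    if buf.len() != expected {
        return Err(DecodeError::WrongLength { got: buf.len(), expected });
    }
    Ok((msg_type, &buf[HEADER_LEN..]))
}

fn main() {
    let datagram = [0x01u8]; // constructed 1-byte payload, as described in the advisory
    // A receive loop drops the malformed datagram and keeps serving other peers.
    match decode_checked(&datagram) {
        Ok((t, body)) => println!("type {t:#04x}, {} payload bytes", body.len()),
        Err(e) => println!("dropped datagram: {e:?}"),
    }
}
```
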
Advisory available under CC0-1.0 license.