RUSTSEC-2024-0012

Stack overflow during recursive JSON parsing

Reported

January 24, 2024

Issued

February 9, 2024 (last modified: February 14, 2024)

Package

serde-json-wasm (crates.io)

Type

Vulnerability

Categories

denial-of-service

Keywords

#stack-overflow #json

Aliases

GHSA-rr69-rxr6-8qwf

Patched

>=1.0.1
>=0.5.2, <1.0.0

Description

When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth.

Advisory available under CC0-1.0 license.