
RUSTSEC-2024-0362

Stack overflow when parsing specially crafted JSON ABI strings

Reported
Issued
Package
alloy-json-abi (crates.io)
Type
Vulnerability
Keywords
#stack-overflow
References
Patched
  • >=0.7.7

Description

Affected versions of the alloy-json-abi crate did not properly handle malformed JSON ABI strings during parsing. The JsonAbi::parse method can be tricked into a stack overflow when processing specially crafted input.

This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.

The flaw was corrected in commit 4790c47.
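To check whether a project still locks a version below the patched range, the following added example (not code from the advisory or from the alloy project) scans Cargo.lock text for alloy-json-abi entries older than 0.7.7. The function names and the sample lockfile are constructed for illustration, and it assumes every release below the patched range is affected, since the advisory lists no unaffected range.

```rust
// Added example: flags alloy-json-abi entries in Cargo.lock text that fall
// below the advisory's patched range (>=0.7.7). Standard library only.

const CRATE: &str = "alloy-json-abi";
const PATCHED: (u64, u64, u64) = (0, 7, 7); // from the advisory's "Patched" field

/// Parse "MAJOR.MINOR.PATCH". Pre-release or build suffixes return None so
/// they are reported for manual review instead of being guessed at.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('.');
    let major = parts.next()?.parse().ok()?;
    let minor = parts.next()?.parse().ok()?;
    let patch = parts.next()?.parse().ok()?;
    if parts.next().is_some() {
        return None;
    }
    Some((major, minor, patch))
}

/// Extract the quoted value of `key = "value"` from a lockfile line.
fn quoted<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Return every locked alloy-json-abi version that is not provably patched.
fn unpatched_versions(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name = None;
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            name = None; // a new package entry starts here
        } else if let Some(n) = quoted(line, "name") {
            name = Some(n);
        } else if let Some(v) = quoted(line, "version") {
            if name == Some(CRATE) && !parse_version(v).map_or(false, |t| t >= PATCHED) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

fn main() {
    // Constructed sample lockfile, not taken from a real project.
    let sample = "[[package]]\nname = \"alloy-json-abi\"\nversion = \"0.7.6\"\n";
    for v in unpatched_versions(sample) {
        println!("{} {} is below the patched range >=0.7.7 (RUSTSEC-2024-0362)", CRATE, v);
    }
}
```

A lockfile can hold several versions of the same crate, so every reported entry has to move to 0.7.7 or later, including copies pulled in transitively.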

Advisory available under CC0-1.0 license.