Affected versions of this crate did not validate the size of buffers when attempting to decode messages.
This allows an attacker to trigger a panic by sending a UDP datagram with a 1-byte payload over the network.
This flaw was corrected by validating the size of the buffers before attempting to decode the message.
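The flaw class and its fix, shown as an added example that is not the affected crate's code: the wire format (2-byte type, 2-byte length, then body) and every name below are hypothetical. The unchecked decoder panics on a 1-byte datagram, while the checked one validates the buffer size first and returns an error.

```rust
// Added example: hypothetical wire format, not the affected crate's code.
// Header: 2-byte big-endian message type, 2-byte big-endian body length, then body.
const HEADER_LEN: usize = 4;

#[derive(Debug, PartialEq)]
pub struct Message<'a> {
    pub msg_type: u16,
    pub body: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    /// Fewer bytes than a full header.
    TruncatedHeader { got: usize },
    /// Header declares more body bytes than the datagram carries.
    TruncatedBody { declared: usize, got: usize },
}

/// "Before" form: indexes the buffer without checking its size.
/// A 1-byte datagram makes `buf[1]` index out of bounds and panic.
pub fn decode_unchecked(buf: &[u8]) -> Message<'_> {
    let msg_type = u16::from_be_bytes([buf[0], buf[1]]);
    let len = u16::from_be_bytes([buf[2], buf[3]]) as usize;
    Message { msg_type, body: &buf[HEADER_LEN..HEADER_LEN + len] }
}

/// Hardened form: validates sizes first and returns an error instead of panicking.
pub fn decode_checked(buf: &[u8]) -> Result<Message<'_>, DecodeError> {
    if buf.len() < HEADER_LEN {
        return Err(DecodeError::TruncatedHeader { got: buf.len() });
    }
    let msg_type = u16::from_be_bytes([buf[0], buf[1]]);
    let declared = u16::from_be_bytes([buf[2], buf[3]]) as usize;
    // `get` returns None instead of panicking when the declared body overruns the buffer.
    let body = buf
        .get(HEADER_LEN..HEADER_LEN + declared)
        .ok_or(DecodeError::TruncatedBody { declared, got: buf.len() - HEADER_LEN })?;
    Ok(Message { msg_type, body })
}

fn main() {
    // Constructed sample datagrams.
    let one_byte = [0x01u8];
    let valid = [0x00, 0x07, 0x00, 0x02, 0xAA, 0xBB];
    println!("{:?}", decode_checked(&one_byte));
    println!("{:?}", decode_checked(&valid));
    println!("{:?}", decode_unchecked(&valid));
}
```

The checked decoder also rejects a header whose declared body length exceeds the bytes received, which is the same missing-size-check defect one field later.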
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-12-21T23:15:57Z" }