Affected versions of this crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks.
This allows an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide.
The flaw was corrected by not preallocating memory.
{ "license": "CC0-1.0" }