RUSTSEC-2020-0075

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0075

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0075.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0075

Aliases

Published

2020-11-29T12:00:00Z

Modified

2023-11-08T04:03:39.346637Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Unexpected panic when decoding tokens

Details

Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding.

The documentation stated that an error should have been reported instead.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / branca

Package

Name: branca; View open source insights on deps.dev
Purl: pkg:cargo/branca

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.10.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "branca::Branca::decode",
            "branca::decode"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}