RUSTSEC-2020-0075

Source
https://rustsec.org/advisories/RUSTSEC-2020-0075
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0075.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2020-0075
Aliases
Published
2020-11-29T12:00:00Z
Modified
2023-11-08T04:03:39.346637Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Unexpected panic when decoding tokens
Details

Prior to 0.10.0, both decoding functions (branca::Branca::decode and branca::decode) could panic unexpectedly when supplied with tokens that have an incorrect base62 encoding.

The documentation stated that an error should have been reported instead.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / branca

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.10.0
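
A check for the affected range above, added here as an example and not part of the advisory or the branca project: it scans Cargo.lock text for branca entries that sort before the fixed version 0.10.0. It assumes the usual Cargo.lock layout, where each [[package]] block lists name before version; the function names and the sample lockfile are constructed for illustration.

```rust
// Added example: report Cargo.lock entries for `branca` older than the fixed 0.10.0.
const CRATE: &str = "branca";
const FIXED: (u64, u64, u64) = (0, 10, 0);

/// Some(true) if `version` sorts before 0.10.0; a pre-release of 0.10.0 counts as before.
fn is_affected(version: &str) -> Option<bool> {
    let v = version.split('+').next()?; // build metadata never affects ordering
    let (core, pre) = v.split_once('-').map_or((v, false), |(c, _)| (c, true));
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let triple = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { return None; }
    Some(triple < FIXED || (triple == FIXED && pre))
}

/// Return every affected `branca` version found in the given Cargo.lock text.
fn affected_in_lockfile(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name: Option<&str> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // new block: forget the previous package name
        } else if let Some(rest) = line.strip_prefix("name = ") {
            name = Some(rest.trim_matches('"'));
        } else if let Some(rest) = line.strip_prefix("version = ") {
            let ver = rest.trim_matches('"');
            // Versions that fail to parse are reported too, so they get a manual look.
            if name == Some(CRATE) && is_affected(ver).unwrap_or(true) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "branca"
version = "0.9.1"

[[package]]
name = "serde"
version = "1.0.130"
"#;

fn main() {
    for v in affected_in_lockfile(SAMPLE_LOCK) {
        println!("{} {} is affected by RUSTSEC-2020-0075; upgrade to 0.10.0 or later", CRATE, v);
    }
}
```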

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "branca::Branca::decode",
            "branca::decode"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}