RUSTSEC-2022-0030

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2022-0030

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0030.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2022-0030

Aliases

Published

2022-05-21T12:00:00Z

Modified

2023-11-08T04:09:25.959683Z

Summary

Stack overflow during recursive expression parsing

Details

When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately.

The flaw was corrected in commits 60aa2dc03a by adding a check to recursion depth.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / rulex

Package

Name: rulex; View open source insights on deps.dev
Purl: pkg:cargo/rulex

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.4.3

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}