CVE-2019-15549

Name of the Vulnerable Software and Affected Versions asn1 der crate versions prior to 0.6.2

Description The issue allows attackers to trigger memory exhaustion by supplying a large value in the length field of the ASN.1-DER length field. This is possible because affected versions of the crate tried to preallocate a vector for an arbitrary amount of bytes announced by the ASN.1-DER length field without further checks, allowing an attacker to trigger a SIGABRT by creating length fields that announce more bytes than the allocator can provide.

Recommendations For versions prior to 0.6.2, update to version 0.6.2 or later to resolve the issue. As a temporary workaround, consider implementing checks on the length field to prevent excessive memory allocation until a patch is applied.