PT-2023-29868 · Unknown · Rs-Stellar-Strkey

Yeggor · Published 2023-10-24 · Updated 2023-11-01 · CVE-2023-46135

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

rs-stellar-strkey versions prior to 0.0.8

Description

A specially crafted payload can trigger a panic because of how the inner_payload_len variable is handled. This variable should not be above 64. The panic is caused by an overflow in the calculation inner_payload_len + (4 - inner_payload_len % 4) % 4, which can happen when inner_payload_len is set to a large value, such as 0xffffffff.

Recommendations

For versions prior to 0.0.8, update to version 0.0.8 to resolve the issue. As a temporary workaround, consider sanitizing the input payload before it is passed to the vulnerable function, ensuring that the value of inner_payload_len is not above 64.
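
An added example (not code from rs-stellar-strkey or from this advisory) of the overflow in the expression above and of the length check from the recommendations. It assumes inner_payload_len is a 32-bit unsigned value, as the 0xffffffff example suggests; all function and type names are hypothetical.

```rust
// Added illustration; names are hypothetical, not the rs-stellar-strkey API.

/// Upper bound the advisory gives for inner_payload_len.
const MAX_INNER_PAYLOAD_LEN: u32 = 64;

#[derive(Debug, PartialEq)]
enum LenError {
    TooLarge(u32),
    Overflow,
}

/// The advisory's expression with checked addition: an overflow is returned
/// as None instead of panicking (overflow checks on, the debug default)
/// or silently wrapping (overflow checks off).
fn padded_len_checked(inner_payload_len: u32) -> Option<u32> {
    let padding = (4 - inner_payload_len % 4) % 4;
    inner_payload_len.checked_add(padding)
}

/// What a plain `+` yields when overflow checks are disabled.
fn padded_len_wrapping(inner_payload_len: u32) -> u32 {
    let padding = (4 - inner_payload_len % 4) % 4;
    inner_payload_len.wrapping_add(padding)
}

/// Workaround from the recommendations: reject any length above 64
/// before the padded length is computed.
fn validate_inner_payload_len(inner_payload_len: u32) -> Result<u32, LenError> {
    if inner_payload_len > MAX_INNER_PAYLOAD_LEN {
        return Err(LenError::TooLarge(inner_payload_len));
    }
    padded_len_checked(inner_payload_len).ok_or(LenError::Overflow)
}

fn main() {
    // Constructed sample lengths, including 0xffffffff from the description.
    for len in [0u32, 5, 64, 65, 0xffff_fffc, 0xffff_ffff] {
        println!(
            "len={:#x} checked={:?} wrapping={:#x} validated={:?}",
            len,
            padded_len_checked(len),
            padded_len_wrapping(len),
            validate_inner_payload_len(len)
        );
    }
}
```
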


Weakness Enumeration

Related Identifiers

CVE-2023-46135
GHSA-5873-6FWQ-463F

Affected Products

Rs-Stellar-Strkey