PT-2017-10962 · Rust · Rust-Base64

Published 2017-05-03 · Updated 2021-08-25 · CVE-2017-1000430

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: rust-base64 versions <= 0.5.1

Description: The issue is an integer overflow in the calculation of the output buffer size for base64 encoding in the encode_config_buf and encode_config functions. For a sufficiently large input, the size calculation wraps around and a buffer that is too small is allocated. Because the encoder then writes into that buffer with unsafe code, the writes run past the end of the allocation, causing memory corruption and possibly the execution of arbitrary code.

Recommendations: For rust-base64 versions <= 0.5.1, update to a version that uses checked arithmetic to calculate the buffer size, as this flaw was corrected in later versions. As a temporary workaround, consider restricting the use of the encode_config_buf and encode_config functions until a patch is available.
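The following is an added example, not rust-base64's own code: it contrasts the overflow-prone size arithmetic with the checked form the recommendation describes, and pairs it with a small encoder that writes only through bounds-checked indexing. The exact formulas and function names are mine, not the crate's.

```rust
// Added example (not rust-base64's own code): the two ways to size a base64
// output buffer, the overflow-prone form and the checked form, plus an encoder
// that only ever writes through bounds-checked indexing.

const ALPHABET: &[u8; 64] =
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Padded size `(n + 2) / 3 * 4` or unpadded size `(4n + 2) / 3`, computed with
/// wrapping arithmetic so the overflow is visible instead of panicking in a
/// debug build. In a release build plain `+` and `*` wrap the same way.
pub fn encoded_size_wrapping(input_len: usize, pad: bool) -> usize {
    if pad {
        input_len.wrapping_add(2) / 3 * 4
    } else {
        input_len.wrapping_mul(4).wrapping_add(2) / 3
    }
}

/// The same arithmetic with checked operations: `None` means the output would
/// not fit in a `usize`, so the caller never allocates an undersized buffer.
pub fn encoded_size_checked(input_len: usize, pad: bool) -> Option<usize> {
    if pad {
        input_len.checked_add(2)?.checked_div(3)?.checked_mul(4)
    } else {
        input_len.checked_mul(4)?.checked_add(2)?.checked_div(3)
    }
}

/// Encodes `input` into a buffer sized by the checked calculation. Every write
/// is a bounds-checked slice index, so a wrong size would panic, not corrupt
/// memory as an `unsafe` pointer write would.
pub fn encode_padded(input: &[u8]) -> Option<String> {
    let size = encoded_size_checked(input.len(), true)?;
    let mut out = vec![b'='; size]; // unused tail bytes stay as padding
    for (chunk, dst) in input.chunks(3).zip(out.chunks_mut(4)) {
        let b1 = chunk.get(1).copied().unwrap_or(0) as u32;
        let b2 = chunk.get(2).copied().unwrap_or(0) as u32;
        let triple = ((chunk[0] as u32) << 16) | (b1 << 8) | b2;
        dst[0] = ALPHABET[(triple >> 18) as usize & 63];
        dst[1] = ALPHABET[(triple >> 12) as usize & 63];
        if chunk.len() > 1 {
            dst[2] = ALPHABET[(triple >> 6) as usize & 63];
        }
        if chunk.len() > 2 {
            dst[3] = ALPHABET[triple as usize & 63];
        }
    }
    String::from_utf8(out).ok()
}
```

With an input length of `usize::MAX - 1` the wrapping form yields a buffer size of 0, while the checked form returns `None` and nothing is allocated.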

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2017-1000430
GHSA-X67X-VG9M-65C3
RUSTSEC-2017-0004

Affected Products

Rust-Base64