PT-2019-14258 · Rust · Ammonia

Published: 2019-04-27 · Updated: 2021-08-25 · CVE-2019-15542

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: ammonia crate versions prior to 2.1.0

Description: An issue was discovered in the ammonia crate where uncontrolled recursion occurs during HTML DOM tree serialization. This allows an attacker to cause an abort due to stack overflow by providing a pathologically nested input. The issue arises from the use of recursion for serialization of HTML DOM trees.

Recommendations: For ammonia crate versions prior to 2.1.0, update to version 2.1.0 or later, which serializes the DOM tree iteratively instead of using recursion.
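
The difference between the two serialization strategies, as an added example that is not ammonia's own code: a toy arena-backed DOM (the `Node`, `Dom` and `Op` types and the function names are assumptions made for illustration, and text is not escaped) serialized once recursively and once with an explicit heap-allocated work list. The arena layout also keeps construction and drop of the deeply nested sample tree free of recursion.

```rust
// Added illustration: a toy arena DOM, not ammonia's or html5ever's own types.
struct Node { tag: &'static str, text: String, children: Vec<usize> }
struct Dom { nodes: Vec<Node> }
enum Op { Open(usize), Close(usize) }

impl Dom {
    // Constructed input: `depth` nested <div> elements (depth >= 1), root at index 0.
    fn nested(depth: usize, text: &str) -> Dom {
        let mut nodes: Vec<Node> = (0..depth).map(|i| Node {
            tag: "div",
            text: String::new(),
            children: if i + 1 < depth { vec![i + 1] } else { vec![] },
        }).collect();
        if let Some(last) = nodes.last_mut() { last.text = text.to_string(); }
        Dom { nodes }
    }

    // Recursive form: one call frame per nesting level, so input depth drives stack use.
    fn serialize_recursive(&self, id: usize, out: &mut String) {
        let n = &self.nodes[id];
        out.push_str(&format!("<{}>{}", n.tag, n.text));
        for &c in &n.children { self.serialize_recursive(c, out); }
        out.push_str(&format!("</{}>", n.tag));
    }

    // Iterative form: pending open/close work sits in a heap-allocated Vec instead.
    fn serialize_iterative(&self, root: usize) -> String {
        let mut out = String::new();
        let mut work = vec![Op::Open(root)];
        while let Some(op) = work.pop() {
            match op {
                Op::Open(id) => {
                    let n = &self.nodes[id];
                    out.push_str(&format!("<{}>{}", n.tag, n.text));
                    work.push(Op::Close(id));
                    // Reverse so the first child is popped, and emitted, first.
                    work.extend(n.children.iter().rev().map(|&c| Op::Open(c)));
                }
                Op::Close(id) => out.push_str(&format!("</{}>", self.nodes[id].tag)),
            }
        }
        out
    }
}

fn main() {
    let deep = Dom::nested(200_000, "x");
    println!("{} bytes serialized", deep.serialize_iterative(0).len());
}
```

With the iterative form, nesting depth costs heap memory proportional to the input rather than call-stack frames, so a deeply nested document no longer aborts the process.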

Fix

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

CVE-2019-15542
GHSA-5HP8-35WJ-M525
RUSTSEC-2019-0001

Affected Products

Ammonia