PT-2020-17541 · Rust · Multihash

Published 2020-11-08 · Updated 2021-08-25 · CVE-2020-35909

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: multihash crate, versions prior to 0.11.3
Description: An issue in the multihash crate allows attackers to cause a Denial of Service (DoS) by feeding certain malformed input to the `from_slice` function, which can panic when called with unsanitized data from untrusted sources. This function is frequently used in networking code, and its return type suggests that it should not panic, but it does for specific inputs. The panic can occur when `from_slice` (or `from_bytes`, which wraps it) is called with data from untrusted sources, allowing an attacker to trigger an unexpected panic in the network client's code.
Recommendations: For versions prior to 0.11.3, update to version 0.11.3 or later to resolve the issue. As a temporary workaround, validate and sanitize input data before passing it to `from_slice` to minimize the risk of exploitation.
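As an added example of the pre-validation step recommended above (my own code, not the multihash crate's; `parse_multihash` and `read_uvarint` are hypothetical names), a decoder for the multihash wire format (unsigned-varint code, unsigned-varint digest length, digest bytes) that rejects truncated, oversized or over-long-varint inputs with an error instead of panicking. The sample digest bytes are constructed.

```rust
// Added example: non-panicking validation of the multihash wire format.
// Not the multihash crate's own code; all names are hypothetical.
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
pub enum MultihashError {
    Truncated,     // input ends inside a varint or before the digest is complete
    VarintTooLong, // varint longer than 10 bytes or not representable in a u64
    LengthOverflow, // declared digest length does not fit in usize
    TrailingBytes, // bytes left over after the digest
}

/// Decode an unsigned LEB128 varint; returns (value, bytes consumed).
fn read_uvarint(input: &[u8]) -> Result<(u64, usize), MultihashError> {
    let mut value: u64 = 0;
    for (i, &byte) in input.iter().enumerate() {
        if i >= 10 {
            return Err(MultihashError::VarintTooLong);
        }
        let payload = u64::from(byte & 0x7f);
        let shift = 7 * i as u32; // at most 63 here, so the shift cannot panic
        let shifted = payload << shift;
        if shifted >> shift != payload {
            return Err(MultihashError::VarintTooLong); // bits would be lost
        }
        value |= shifted;
        if byte & 0x80 == 0 {
            return Ok((value, i + 1));
        }
    }
    Err(MultihashError::Truncated) // continuation bit set on the last byte
}

/// Validate a multihash and return (code, digest) without ever indexing out of bounds.
pub fn parse_multihash(input: &[u8]) -> Result<(u64, &[u8]), MultihashError> {
    let (code, n) = read_uvarint(input)?;
    let (len, m) = read_uvarint(&input[n..])?;
    let digest = &input[n + m..];
    let len = usize::try_from(len).map_err(|_| MultihashError::LengthOverflow)?;
    // The declared length is attacker-controlled: check it against the real data
    // before slicing, which is exactly where an unchecked decoder would panic.
    if digest.len() < len {
        return Err(MultihashError::Truncated);
    }
    if digest.len() > len {
        return Err(MultihashError::TrailingBytes);
    }
    Ok((code, &digest[..len]))
}
```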

Fix

RCE


Related Identifiers

CVE-2020-35909
GHSA-H7QH-3H6F-W79P
RUSTSEC-2020-0068

Affected Products

Multihash