PT-2021-24461 · Unknown · Num-Bigint

Published: 2021-11-03 · Updated: 2021-11-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: num-bigint versions 0.4.1 through 0.4.2
Description: BigInt and BigUint multiplication can panic in two scenarios. First, the internal mac3 function does not expect non-empty, all-zero inputs, so such an operand reaches an unwrap() that panics. Second, a buffer is allocated with less capacity than an intermediate result needs, so an assertion panics. Depending on the application's configuration, a Rust panic either unwinds the stack or aborts the program, so either case can be exploited as a denial of service.
Recommendations: For num-bigint versions 0.4.1 through 0.4.2, update to version 0.4.3 to resolve the issue. As a temporary workaround, consider disabling the BigInt and BigUint multiplication functions until a patch is available. Restrict access to the vulnerable mac3 function to minimize the risk of exploitation. Avoid using the BigInt and BigUint types in critical operations until the issue is resolved.
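The following is an added example, not code from num-bigint or from this advisory, showing the defender-side effect the description refers to: with the default panic=unwind configuration, a panic inside a dependency's multiply routine can be caught at a service boundary and turned into an error rather than a crash, while with panic=abort the process terminates regardless. The function mul_stub is a hypothetical stand-in that deliberately mimics the first panic case (an unwrap() on a non-empty, all-zero operand) and is not the real mac3; the limb vectors are constructed sample inputs.

```rust
// Added example: contain a dependency panic at a call boundary.
// mul_stub is a HYPOTHETICAL stand-in for a big-integer multiply, not
// num-bigint's mac3; it reproduces only the advisory's first failure mode.
use std::panic::{self, AssertUnwindSafe};

/// Index of the highest non-zero limb, or None for an all-zero slice.
fn top_limb(x: &[u32]) -> Option<usize> {
    x.iter().rposition(|&l| l != 0)
}

/// Schoolbook multiply over little-endian u32 limbs. Simulated defect:
/// the core locates each operand's top limb with unwrap(), which panics
/// on a non-empty all-zero operand (the non-normalized-zero case).
pub fn mul_stub(a: &[u32], b: &[u32]) -> Vec<u32> {
    if !a.is_empty() {
        top_limb(a).unwrap();
    }
    if !b.is_empty() {
        top_limb(b).unwrap();
    }
    let mut out = vec![0u32; a.len() + b.len()];
    for (i, &x) in a.iter().enumerate() {
        let mut carry = 0u64;
        for (j, &y) in b.iter().enumerate() {
            let t = out[i + j] as u64 + x as u64 * y as u64 + carry;
            out[i + j] = t as u32;
            carry = t >> 32;
        }
        out[i + b.len()] = carry as u32;
    }
    // Normalize the result: strip leading zero limbs.
    while out.last() == Some(&0) {
        out.pop();
    }
    out
}

/// Run the multiply and convert a panic into an Err so one bad request
/// cannot take down the thread or process. This only works when the
/// binary is built with panic=unwind (the default); under panic=abort
/// the panic still terminates the process.
pub fn guarded_mul(a: &[u32], b: &[u32]) -> Result<Vec<u32>, String> {
    panic::catch_unwind(AssertUnwindSafe(|| mul_stub(a, b))).map_err(|e| {
        // Recover the panic message from either payload type std uses.
        e.downcast_ref::<&str>()
            .map(|s| s.to_string())
            .or_else(|| e.downcast_ref::<String>().cloned())
            .unwrap_or_else(|| "panic in bigint multiply".to_string())
    })
}

fn main() {
    // Constructed inputs: a normal product and a non-normalized zero operand.
    println!("{:?}", guarded_mul(&[3], &[4]));
    println!("{:?}", guarded_mul(&[0, 0], &[5]));
}
```

Catching the panic is a containment measure for services that cannot upgrade immediately; the actual fix is the 0.4.3 release named above, and the default panic hook will still log each caught panic to stderr, which is a useful detection signal for inputs that trigger it.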

RCE


Weakness Enumeration

Related Identifiers

GHSA-V935-PQMR-G8V9

Affected Products

Num-Bigint