PT-2023-29868 · Unknown · Rs-Stellar-Strkey

Yeggor · Published 2023-10-24 · Updated 2023-11-01 · CVE-2023-46135

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: rs-stellar-strkey versions prior to 0.0.8

Description: A panic occurs when a specially crafted payload is used, because of an issue with the inner_payload_len variable, whose value must not exceed 64. The panic is caused by an integer overflow in the padded-length calculation inner_payload_len + (4 - inner_payload_len % 4) % 4, which wraps when inner_payload_len is set to a large value such as 0xffffffff.

Recommendations: For versions prior to 0.0.8, update to version 0.0.8 to resolve the issue. As a temporary workaround, sanitize the input payload before it is passed to the vulnerable function, ensuring that inner_payload_len is not above 64.
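The padded-length arithmetic described above, and the bound check the workaround calls for, as an added example written for this advisory (it is not code from rs-stellar-strkey, and it assumes inner_payload_len is a u32, which is the width the 0xffffffff sample value implies):

```rust
// Added example, not code from the rs-stellar-strkey crate. It reproduces
// the length arithmetic named in the advisory with explicit overflow
// handling. Assumption: inner_payload_len is a u32.

/// Upper bound on the inner payload length stated in the advisory.
pub const MAX_INNER_PAYLOAD_LEN: u32 = 64;

#[derive(Debug, PartialEq)]
pub enum LenError {
    /// Declared length exceeds the 64-byte limit.
    TooLong(u32),
    /// Padding arithmetic would wrap around a u32.
    Overflow(u32),
}

/// The advisory's computation, len + (4 - len % 4) % 4, done with checked
/// arithmetic. For 0xffffffff the pad is 1 and the add would wrap; with
/// plain `+` that is a debug-build panic, with `checked_add` it is an error.
pub fn padded_len_checked(inner_payload_len: u32) -> Result<u32, LenError> {
    let pad = (4 - inner_payload_len % 4) % 4;
    inner_payload_len
        .checked_add(pad)
        .ok_or(LenError::Overflow(inner_payload_len))
}

/// The workaround from the advisory: reject the length before it reaches
/// the arithmetic, so a value that passes can never overflow.
pub fn sanitized_padded_len(inner_payload_len: u32) -> Result<u32, LenError> {
    if inner_payload_len > MAX_INNER_PAYLOAD_LEN {
        return Err(LenError::TooLong(inner_payload_len));
    }
    padded_len_checked(inner_payload_len)
}

fn main() {
    // Constructed sample lengths: in range, at the limit, over it, and the
    // advisory's overflow value.
    for len in [0u32, 5, 64, 65, 0xffff_ffff] {
        println!(
            "{len:#x}: checked={:?} sanitized={:?}",
            padded_len_checked(len),
            sanitized_padded_len(len)
        );
    }
}
```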

Related Identifiers

CVE-2023-46135
GHSA-5873-6FWQ-463F

Affected Products

Rs-Stellar-Strkey