PT-2023-35499 · Base+1

Published 2023-07-22 · Updated 2025-11-14

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: base (affected versions not specified); toml-reader version 0.1.0.0
Description: The issue is memory exhaustion caused by large exponents in the readFloat function. Parsing a number written in scientific notation with a very large exponent can cause a denial of service; the slowdown is observable on a modern machine. readFloat uses Text.Read.Lex.numberToRational, which computes 10 ^ exponent and appears to take time and memory linear in the exponent.
Recommendations: For base, consider using the read function instead of readFloat, because the Read instances for Float and Double bounds-check the exponent. For toml-reader version 0.1.0.0, update to version 0.2.0.0, which mitigates the issue by returning Infinity immediately when the exponent is large enough.
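
The two parsing paths contrasted above, as an added example that is not code from the advisory, base or toml-reader: the readFloat path that builds the exact Rational, the read/readMaybe path that bounds-checks the exponent, and a syntactic guard for code that must keep a RealFrac-polymorphic reader. The function names, the 4-digit exponent limit and the sample literals are assumptions.

```haskell
module Main (main) where

import Numeric (readFloat)
import Text.Read (readMaybe)
import Data.Char (isDigit)

-- The path the advisory describes: readFloat builds the exact Rational
-- first (via 10 ^ exponent), so the cost grows with the exponent value
-- before any rounding to Double happens.
parseViaReadFloat :: String -> Maybe Double
parseViaReadFloat s = case readFloat s :: [(Rational, String)] of
  [(r, "")] -> Just (fromRational r)
  _         -> Nothing

-- Recommended path: the Read Double instance checks the exponent against
-- floatRange and yields Infinity (or 0) for values far outside the range
-- without evaluating 10 ^ exponent.
parseViaRead :: String -> Maybe Double
parseViaRead = readMaybe

-- Syntactic guard for callers that must keep a RealFrac-polymorphic reader:
-- reject a literal whose exponent has more than `limit` digits before any
-- arithmetic starts. The limit is an assumption; 4 digits (|e| < 10000)
-- is already far beyond Double's range.
exponentDigitsOk :: Int -> String -> Bool
exponentDigitsOk limit s = case break (`elem` "eE") s of
  (_, [])       -> True
  (_, _ : rest) -> let ds = takeWhile isDigit (dropWhile (`elem` "+-") rest)
                   in not (null ds) && length ds <= limit

-- readFloat behind the guard: oversized exponents never reach 10 ^ e.
guardedReadFloat :: String -> Maybe Double
guardedReadFloat s
  | exponentDigitsOk 4 s = parseViaReadFloat s
  | otherwise            = Nothing

main :: IO ()
main = do
  print (parseViaRead "2.5e3")            -- in range: ordinary Double
  print (parseViaRead "1e5000")           -- bounds check short-circuits
  print (parseViaRead "1e-5000")          -- bounds check short-circuits
  print (guardedReadFloat "2.5e3")        -- passes the guard, exact parse
  print (guardedReadFloat "1e1000000000") -- rejected by the guard
```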

Related Identifiers

HSEC-2023-0007

Affected Products

Base
Toml-Reader