CVE-2023-46135 stellar-strkey

Package

Manager: cargo
Name: stellar-strkey
Vulnerable Version: >=0 <0.0.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00168 (percentile: 0.38397)

Details

stellar-strkey vulnerable to panic in SignedPayload::from_payload

### Impact

Panic vulnerability when a specially crafted payload is used. This is because of the following calculation:

```rust
inner_payload_len + (4 - inner_payload_len % 4) % 4
```

If `inner_payload_len` is `0xffffffff`, `(4 - inner_payload_len % 4) % 4 = 1`, so

```rust
inner_payload_len + (4 - inner_payload_len % 4) % 4 = u32::MAX + 1
```

which overflows.

### Patches

Check that `inner_payload_len` is not above 64, which should never be the case. Patched in version 0.0.8.

### Workarounds

Sanitize the input payload before it is passed to the vulnerable function, so that the bytes in `payload[32..32+4]`, parsed as a `u32`, are not above 64.

### References

GitHub issue #58
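The padding calculation and the workaround check described above, as an added example that is not stellar-strkey's own code. The function names are hypothetical, and big-endian byte order for the length field is an assumption, since the advisory does not state it.

```rust
// Added example: names below are hypothetical, not stellar-strkey's API.
const MAX_INNER_PAYLOAD_LEN: u32 = 64; // bound stated in the advisory's patch note

/// The advisory's padding expression with checked addition: overflow becomes
/// `None` instead of a panic.
fn padded_len_checked(inner_payload_len: u32) -> Option<u32> {
    inner_payload_len.checked_add((4 - inner_payload_len % 4) % 4)
}

/// Workaround pre-check: parse payload[32..32+4] as a u32 and reject values
/// above 64. Big-endian byte order is an assumption (the page does not say).
fn checked_inner_len(payload: &[u8]) -> Result<u32, &'static str> {
    let b = payload.get(32..36).ok_or("payload too short for length field")?;
    let len = u32::from_be_bytes([b[0], b[1], b[2], b[3]]);
    if len > MAX_INNER_PAYLOAD_LEN {
        return Err("inner payload length above 64");
    }
    Ok(len)
}

/// Constructed sample input: 32 zero bytes followed by the given length field.
fn sample_payload(len_field: u32) -> Vec<u8> {
    let mut p = vec![0u8; 32];
    p.extend_from_slice(&len_field.to_be_bytes());
    p
}

fn main() {
    // Lengths chosen to cover padding, the 64 bound, and the overflow case.
    for &len in &[5u32, 64, 65, u32::MAX] {
        println!(
            "len={:#x} padded={:?} precheck={:?}",
            len,
            padded_len_checked(len),
            checked_inner_len(&sample_payload(len))
        );
    }
}
```

The pre-check only validates the length field; it does not verify that the payload actually contains that many bytes after it.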

Metadata

Created: 2023-10-25T14:09:10Z
Modified: 2023-10-25T14:09:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-5873-6fwq-463f/GHSA-5873-6fwq-463f.json
CWE IDs: ["CWE-248"]
Alternative ID: GHSA-5873-6fwq-463f
Finding: F140
Auto approve: 1