logo

Database

Asymmetric denial of service - ReDoS In asn1_der

Description

Memory exhaustion in asn1_der An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-155492. NVD-2019-155493. OSV-2019-155494. GCVE-2019-15549

References

1. https://github.com/KizzyCode/asn1_der/issues/12. https://rustsec.org/advisories/RUSTSEC-2019-0007.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.