GHSA-8327-84cj-8xjm: Stack overflow when parsing specially crafted JSON ABI strings

August 15, 2024

Affected versions of the alloy-json-abi crate did not properly handle parsing of malformatted JSON ABI strings. The JsonAbi::parse method can be tricked into a stack overflow when processing specially crafted input.

This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.

The flaw was corrected in commit 4790c47.

References

github.com/advisories/GHSA-8327-84cj-8xjm
github.com/alloy-rs/core
github.com/alloy-rs/core/commit/4790c47518024bd391bbd6815b00f501bad76a15
github.com/alloy-rs/core/issues/702
rustsec.org/advisories/RUSTSEC-2024-0362.html

Code Behaviors & Features

Detect and mitigate GHSA-8327-84cj-8xjm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →