CVE-2019-15549: Memory exhaustion in asn1_der

August 25, 2021

An issue was discovered in the asn1_der crate before 0.6.2 for Rust. Attackers can trigger memory exhaustion by supplying a large value in a length field.

References

github.com/KizzyCode/asn1_der
github.com/KizzyCode/asn1_der/issues/1
github.com/advisories/GHSA-v5r6-6r3c-wqxc
nvd.nist.gov/vuln/detail/CVE-2019-15549
rustsec.org/advisories/RUSTSEC-2019-0007.html

Detect and mitigate CVE-2019-15549 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →