CVE-2023-46135: stellar-strkey vulnerable to panic in SignedPayload::from_payload
A specially crafted payload causes a panic. This is because of the following calculation:

inner_payload_len + (4 - inner_payload_len % 4) % 4

If inner_payload_len is 0xffffffff, then (4 - inner_payload_len % 4) % 4 = 1, so inner_payload_len + (4 - inner_payload_len % 4) % 4 = u32::MAX + 1, which overflows.
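
The calculation above as an added Rust example (not code from rs-stellar-strkey): checked_add makes the overflow at 0xffffffff explicit, and the length is validated so the input is rejected instead of causing a panic. The function names and the byte layout (a 4-byte big-endian length followed by the payload padded to a multiple of 4) are assumptions made for illustration.

```rust
// Added example; function names and input layout are hypothetical,
// not taken from rs-stellar-strkey.

/// Padding needed to round `len` up to a multiple of 4 (always 0..=3).
fn padding(len: u32) -> u32 {
    (4 - len % 4) % 4
}

/// The advisory's expression with an overflow-aware addition.
/// Returns None exactly where a plain `+` on u32 would overflow.
fn padded_len_checked(len: u32) -> Option<u32> {
    len.checked_add(padding(len))
}

/// Assumed layout: 4-byte big-endian length, then payload padded to 4 bytes.
/// Returns the unpadded payload, or an error for any inconsistent length.
fn read_inner_payload(buf: &[u8]) -> Result<&[u8], &'static str> {
    if buf.len() < 4 {
        return Err("truncated length prefix");
    }
    let (prefix, rest) = buf.split_at(4);
    let len = u32::from_be_bytes([prefix[0], prefix[1], prefix[2], prefix[3]]);
    // Reject attacker-chosen lengths whose padded size does not fit in u32.
    let padded = padded_len_checked(len).ok_or("padded length overflows u32")?;
    // The padded length must match the bytes actually present.
    if padded as usize != rest.len() {
        return Err("length does not match payload");
    }
    Ok(&rest[..len as usize])
}

fn main() {
    // Constructed inputs: a length prefix of 0xffffffff, and a valid 5-byte payload.
    let crafted = [0xff, 0xff, 0xff, 0xff, 0x00];
    let valid = [0, 0, 0, 5, 1, 2, 3, 4, 5, 0, 0, 0];

    println!("padding(0xffffffff) = {}", padding(0xffff_ffff));
    println!("checked sum = {:?}", padded_len_checked(0xffff_ffff));
    println!("crafted -> {:?}", read_inner_payload(&crafted));
    println!("valid   -> {:?}", read_inner_payload(&valid));
}
```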
References
- github.com/advisories/GHSA-5873-6fwq-463f
- github.com/stellar/rs-stellar-strkey
- github.com/stellar/rs-stellar-strkey/commit/83adad0f5b1cda693c7ba8524d395add8077865f
- github.com/stellar/rs-stellar-strkey/issues/58
- github.com/stellar/rs-stellar-strkey/pull/59
- github.com/stellar/rs-stellar-strkey/releases/tag/v0.0.8
- github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f
- nvd.nist.gov/vuln/detail/CVE-2023-46135