ghsa-v78m-2q7v-fjqp
Vulnerability from github
Published
2022-06-22 17:52
Modified
2022-07-12 21:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Uncontrolled Recursion in rulex
Details

Impact

When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately.

This is a security concern for you, if - your service parses untrusted rulex expressions (expressions provided by an untrusted user), and - your service becomes unavailable when the process running rulex aborts due to a stack overflow.

Patches

The crash is fixed in version 0.4.3. Affected users are advised to update to this version.

Workarounds

None.

For more information

If you have any questions or comments about this advisory: * Open an issue in rulex * Email me at ludwig.stecher@gmx.de

Credits

Credit for finding these bugs goes to

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "rulex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31099"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-674"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-22T17:52:51Z",
    "nvd_published_at": "2022-06-27T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nWhen parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately.\n\nThis is a security concern for you, if\n- your service parses untrusted rulex expressions (expressions provided by an untrusted user), and\n- your service becomes unavailable when the process running rulex aborts due to a stack overflow.\n\n### Patches\nThe crash is fixed in version **0.4.3**. Affected users are advised to update to this version.\n\n### Workarounds\nNone.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [rulex](https://github.com/rulex-rs/rulex/issues)\n* Email me at [ludwig.stecher@gmx.de](mailto:ludwig.stecher@gmx.de)\n\n### Credits\n\nCredit for finding these bugs goes to\n\n- [evanrichter](https://github.com/evanrichter)\n- [ForAllSecure Mayhem](https://forallsecure.com/)\n- [cargo fuzz](https://github.com/rust-fuzz/cargo-fuzz) and [afl.rs](https://github.com/rust-fuzz/afl.rs)",
  "id": "GHSA-v78m-2q7v-fjqp",
  "modified": "2022-07-12T21:59:11Z",
  "published": "2022-06-22T17:52:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rulex-rs/rulex/security/advisories/GHSA-v78m-2q7v-fjqp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31099"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rulex-rs/rulex/commit/60aa2dc03a22d69c8800fec81f99c96958a11363"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rulex-rs/rulex"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2022-0030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uncontrolled Recursion in rulex"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.