CVE-2023-46135 MEDIUM

CVE-2023-46135: Panic in SignedPayload::from_payload

Vendor Stellar
Product rs-stellar-strkey
Weakness CWE-248
Published October 25, 2023
Last update September 10, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8.

Key dates

02Disclosure timeline

October 25, 2023 CVE published
September 10, 2024 Record updated