icon

We found results for “

CVE-2023-6245

Good to know:

icon

Date: December 8, 2023

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.

Language: RUST

Severity Score

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Improper Handling of Inconsistent Special Elements

CWE-168

Improper Validation of Consistency within Input

CWE-1288

Top Fix

icon

Upgrade Version

Upgrade to version candid - 0.9.10

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us