Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2021-0048
Date: March 18, 2021
In the parse_duration crate pacgae, the parse function allows for parsing duration strings with exponents like 5e5s where under the hood, the BigInt type along with the pow function are used for such payloads. Passing an arbitrarily big exponent makes the parse_duration::parse function to process the payload for a very long time taking up CPU and memory. This allows an attacker to cause a DoS if the parse_duration::parse function is used to process untrusted input. No fix for the issue.
Language: RUST
Severity Score
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption ('Resource Exhaustion')
CWE-400CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |