add alloy-json-abi stack-overflow (#2033)

rustsec · Aug 15, 2024 · c33a710 · c33a710
1 parent 1d209d3
commit c33a710
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/crates/alloy-json-abi/RUSTSEC-0000-0000.md b/crates/alloy-json-abi/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "alloy-json-abi"
+date = "2024-07-30"
+url = "https://github.com/alloy-rs/core/issues/702"
+keywords = ["stack-overflow"]
+
+[versions]
+patched = [">= 0.7.7"]
+```
+
+# Stack overflow when parsing specially crafted JSON ABI strings
+
+Affected versions of the `alloy-json-abi` crate did not properly handle parsing of malformatted JSON ABI strings. The `JsonAbi::parse` method can be tricked into a stack overflow when processing specially crafted input. 
+
+This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.
+
+The flaw was corrected in commit 4790c47.