CVE-2023-6245

EPSS 0.13%
Veröffentlicht 08.12.2023 15:15:08
Zuletzt bearbeitet 21.11.2024 08:43:27
Quelle 6b35d637-e00f-4228-858c-b20ad6
CVE-Watchlists
Login
Unerledigt
Login

The Candid library causes a Denial of Service while 
parsing a specially crafted payload with 'empty' data type. For example,
 if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type.  The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.


Canisters using affected versions of candid
 are exposed to denial of service by causing the decoding to run 
indefinitely until the canister traps due to reaching maximum 
instruction limit per execution round. Repeated exposure to the payload 
will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 4 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dfinity ≫ Candid SwPlatformrust Version >= 0.9.0 < 0.9.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.333

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6b35d637-e00f-4228-858c-b20ad6e1d07b	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1288 Improper Validation of Consistency within Input

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

CWE-168 Improper Handling of Inconsistent Special Elements

The product does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://github.com/dfinity/candid/blob/master/spec/Candid.md

Product

https://github.com/dfinity/candid/pull/478

Patch

https://github.com/dfinity/candid/security/advisories/GHSA-7787-p7x6-fq3j

Patch

Third Party Advisory

https://internetcomputer.org/docs/current/references/candid-ref

Product

https://internetcomputer.org/docs/current/references/ic-interface-spec