{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/rust-zserio--0.5.3/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["rust-zserio (\u003c= 0.5.3)"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","memory-allocation"],"_cs_type":"advisory","_cs_vendors":["rust"],"content_html":"\u003cp\u003eThe rust-zserio package, versions 0.5.3 and earlier, is susceptible to an unbounded memory allocation vulnerability. This flaw arises during the deserialization of arrays, strings, or byte (blob) types. The library reads the size of the incoming data from the serialized input itself, and subsequently allocates memory based on this size. Due to the absence of proper size validation, a malicious actor can exploit this by crafting a data file containing an excessively large size value. This would force the rust-zserio runtime to allocate a substantial amount of memory, potentially leading to a denial-of-service condition. This vulnerability poses a significant risk to applications that process zserio-encoded messages from untrusted sources, as it can be triggered remotely through a specially crafted input.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious zserio-encoded data file.\u003c/li\u003e\n\u003cli\u003eThe malicious data file contains a manipulated size value for an array, string, or blob field. This size value is set to an extremely large number.\u003c/li\u003e\n\u003cli\u003eThe vulnerable rust-zserio library attempts to deserialize the data file.\u003c/li\u003e\n\u003cli\u003eDuring deserialization, the library reads the manipulated size value from the data file.\u003c/li\u003e\n\u003cli\u003eThe library attempts to allocate memory based on the excessively large size value.\u003c/li\u003e\n\u003cli\u003eThe excessive memory allocation consumes available system resources.\u003c/li\u003e\n\u003cli\u003eThe application becomes unresponsive due to resource exhaustion.\u003c/li\u003e\n\u003cli\u003eThe system experiences a denial-of-service, impacting availability.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to a denial-of-service condition. Affected applications become unresponsive, potentially disrupting critical services. The number of victims depends on the prevalence of rust-zserio in systems that process untrusted data. The impact is significant, as it can lead to service outages and potentially impact other applications running on the same system due to resource exhaustion.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch from commit \u003ca href=\"https://github.com/Danaozhong/rust-zserio/commit/57f5fb4a2a8611d58dbcc1a9221349206dd99c3c\"\u003e57f5fb\u003c/a\u003e to remediate the unbounded memory allocation vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement input validation to check the size of arrays, strings, or blob types before memory allocation.\u003c/li\u003e\n\u003cli\u003eMonitor resource consumption of rust-zserio applications to detect abnormal memory allocation patterns. Deploy the \u0026ldquo;Detect Excessive Memory Allocation by rust-zserio\u0026rdquo; Sigma rule to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"/briefs/2024-01-09-rust-zserio-memory-allocation/","summary":"The rust-zserio package is vulnerable to unbounded memory allocation when deserializing arrays, strings, or bytes (blob) types, allowing an attacker to cause a denial-of-service by providing a crafted data file with a large size value.","title":"rust-zserio Unbounded Memory Allocation Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-09-rust-zserio-memory-allocation/"}],"language":"en","title":"CraftedSignal Threat Feed — Rust-Zserio (\u003c= 0.5.3)","version":"https://jsonfeed.org/version/1.1"}