{"id":"RUSTSEC-2022-0030","summary":"Stack overflow during recursive expression parsing","details":"When parsing untrusted rulex expressions, the stack may overflow, possibly\nenabling a Denial of Service attack. This happens when parsing an expression\nwith several hundred levels of nesting, causing the process to abort\nimmediately.\n\nThe flaw was corrected in commits `60aa2dc03a` by adding a check to recursion\ndepth.","aliases":["CVE-2022-31099","GHSA-v78m-2q7v-fjqp"],"modified":"2023-11-08T04:09:25.959683Z","published":"2022-05-21T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/rulex"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0030.html"},{"type":"ADVISORY","url":"https://github.com/rulex-rs/rulex/security/advisories/GHSA-v78m-2q7v-fjqp"}],"affected":[{"package":{"name":"rulex","ecosystem":"crates.io","purl":"pkg:cargo/rulex"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.4.3"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"cvss":null,"informational":null,"categories":["denial-of-service"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0030.json"}}],"schema_version":"1.7.3"}