{"id":"RUSTSEC-2023-0077","summary":"Remotely exploitable DoS condition in Rosenpass \u003c=0.2.0","details":"Affected versions of this crate did not validate the size of buffers when attempting to decode messages.\n\nThis allows an attacker to trigger a panic by sending a UDP datagram with a 1-byte payload over the network.\n\nThis flaw was corrected in version 0.2.1 by validating the size of the buffers before attempting to decode the message.","aliases":["CVE-2023-53157","GHSA-6ggr-cwv4-g7qg"],"modified":"2025-10-28T06:02:18Z","published":"2023-11-04T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/rosenpass"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0077.html"},{"type":"WEB","url":"https://github.com/rosenpass/rosenpass/commit/93439858d1c44294a7b377f775c4fc897a370bb2"}],"affected":[{"package":{"name":"rosenpass","ecosystem":"crates.io","purl":"pkg:cargo/rosenpass"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.2.1"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0077.json","informational":null,"categories":["denial-of-service"],"cvss":null}}],"schema_version":"1.7.3"}