{"id":"RUSTSEC-2023-0095","summary":"Invalid Slice Split Results in Server Panic","details":"A vulnerability was discovered in the odoh-rs Rust crate that stems\nfrom faulty logic during the parsing of encrypted queries. This\nissue specifically occurs when processing encrypted query data\nreceived from remote clients.\n\n## Impact\n\nAn attacker with knowledge of this vulnerability could craft and send\nspecially designed encrypted queries to targeted ODOH servers running\nwith odoh-rs. Upon successful exploitation, the server will crash\nabruptly, disrupting its normal operation and rendering the service\ntemporarily unavailable.\n\n## Patches\n\nUsers are encouraged to update the odoh-rs Rust crate to v1.0.2.","aliases":["CVE-2023-3766","GHSA-gpcv-p28p-fv2p"],"modified":"2025-12-22T19:10:53.345709Z","published":"2023-08-03T12:00:00Z","database_specific":{"license":"CC-BY-4.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/odoh-rs"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0095.html"},{"type":"ADVISORY","url":"https://github.com/cloudflare/odoh-rs/security/advisories/GHSA-gpcv-p28p-fv2p"},{"type":"WEB","url":"https://github.com/cloudflare/odoh-rs/pull/28"}],"affected":[{"package":{"name":"odoh-rs","ecosystem":"crates.io","purl":"pkg:cargo/odoh-rs"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"1.0.2"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"functions":[],"os":[]}},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","informational":null,"categories":["denial-of-service"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0095.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}