{"id":"RUSTSEC-2024-0362","summary":"Stack overflow when parsing specially crafted JSON ABI strings","details":"Affected versions of the `alloy-json-abi` crate did not properly handle parsing of malformatted JSON ABI strings. The `JsonAbi::parse` method can be tricked into a stack overflow when processing specially crafted input. \n\nThis stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.\n\nThe flaw was corrected in commit 4790c47.","aliases":["GHSA-8327-84cj-8xjm"],"modified":"2025-10-28T06:29:23.761421Z","published":"2024-07-30T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/alloy-json-abi"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0362.html"},{"type":"REPORT","url":"https://github.com/alloy-rs/core/issues/702"}],"affected":[{"package":{"name":"alloy-json-abi","ecosystem":"crates.io","purl":"pkg:cargo/alloy-json-abi"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.7.7"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":[],"arch":[],"os":[]}},"database_specific":{"categories":[],"informational":null,"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0362.json"}}],"schema_version":"1.7.3"}