{"id":"RUSTSEC-2025-0073","summary":"DoS vulnerability on `alloy_dyn_abi::TypedData` hashing","details":"An uncaught panic triggered by malformed input to `alloy_dyn_abi::TypedData` could lead to a denial-of-service (DoS) via `eip712_signing_hash()`.\n\nSoftware with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible.\n\nThe vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version [v1.4.1](https://crates.io/crates/alloy-dyn-abi/1.4.1) and backported to [v0.8.26](https://crates.io/crates/alloy-dyn-abi/0.8.26).\n\nThere is no known workaround that mitigates the vulnerability. Upgrading to a patched version is the recommended course of action.\n\nReported by [Christian Reitter](https://github.com/cr-tk) & [Zeke Mostov](https://github.com/emostov) from [Turnkey](https://www.turnkey.com/).","aliases":["CVE-2025-62370","GHSA-pgp9-98jm-wwq2"],"modified":"2025-10-16T07:42:41.400007Z","published":"2025-10-15T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/alloy-dyn-abi"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0073.html"},{"type":"ADVISORY","url":"https://github.com/alloy-rs/core/security/advisories/GHSA-pgp9-98jm-wwq2"}],"affected":[{"package":{"name":"alloy-dyn-abi","ecosystem":"crates.io","purl":"pkg:cargo/alloy-dyn-abi"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.8.26"},{"introduced":"1.0.0"},{"fixed":"1.4.1"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"os":[],"functions":["alloy_dyn_abi::eip712::Resolver::encode_type"]}},"database_specific":{"informational":null,"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","categories":["denial-of-service"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0073.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}