| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| bcder | rust | < 0.7.3 | 0.7.3 |

The vulnerability stemmed from multiple decoding functions lacking essential input validation. The commit 4da91c3 adds critical checks in these locations:

1. Nested length validation in `content.rs`
2. OID structure checks in `oid.rs`
3. Bit string validation in `bit.rs`
4. Tag parsing safety in `tag.rs`
5. Integer decoding safety in `int.rs`

These functions directly correspond to the CWE-228 and CWE-232 issues described, where invalid structures and undefined values weren't properly handled, leading to panics rather than errors.
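To show what "errors rather than panics" means for the nested length check, here is an added example (not bcder's code and not taken from commit 4da91c3) of a minimal DER reader that bounds every child value by its parent's content. The names `DerError`, `read_tlv` and `count_children` are hypothetical, and only single-byte tags are handled.

```rust
// Added illustration, not bcder's code: minimal DER TLV reader, single-byte tags only.
#[derive(Debug, PartialEq)]
pub enum DerError { Truncated, BadLength, Overrun, UnsupportedTag }

/// Reads one TLV from `input` and returns (tag, content, remaining input).
pub fn read_tlv(input: &[u8]) -> Result<(u8, &[u8], &[u8]), DerError> {
    // split_first/get return None on short input instead of panicking like input[0].
    let (&tag, rest) = input.split_first().ok_or(DerError::Truncated)?;
    if tag & 0x1f == 0x1f {
        return Err(DerError::UnsupportedTag); // multi-byte tag numbers not handled here
    }
    let (&first, rest) = rest.split_first().ok_or(DerError::Truncated)?;
    let (len, rest) = if first < 0x80 {
        (first as usize, rest) // short form
    } else {
        let n = (first & 0x7f) as usize;
        // 0x80 is the indefinite form (not DER); this sketch caps lengths at 4 octets.
        if n == 0 || n > 4 { return Err(DerError::BadLength); }
        let bytes = rest.get(..n).ok_or(DerError::Truncated)?;
        let len = bytes.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize);
        // DER requires the shortest possible length encoding.
        if bytes[0] == 0 || len < 0x80 { return Err(DerError::BadLength); }
        (len, &rest[n..])
    };
    // The declared length must fit in what is actually available.
    if len > rest.len() { return Err(DerError::Overrun); }
    let (content, rest) = rest.split_at(len);
    Ok((tag, content, rest))
}

/// Counts the children of a constructed value. Each child is parsed from the
/// parent's content slice only, so a child length that exceeds the parent is an error.
pub fn count_children(input: &[u8]) -> Result<usize, DerError> {
    let (tag, mut content, _) = read_tlv(input)?;
    if tag & 0x20 == 0 { return Err(DerError::UnsupportedTag); } // not constructed
    let mut n = 0;
    while !content.is_empty() {
        let (_, _, rest) = read_tlv(content)?;
        content = rest;
        n += 1;
    }
    Ok(n)
}

fn main() {
    // Constructed input: the SEQUENCE has 3 content octets, its INTEGER child claims 5.
    let bad = [0x30, 0x03, 0x02, 0x05, 0x01, 0x02, 0x03, 0x04];
    println!("{:?}", count_children(&bad)); // Err(Overrun)
}
```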