5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-46135

GHSA ID

GHSA-5873-6fwq-463f

EPSS Score

0.38709%

CWE

CWE-248

Published

10/25/2023

Updated

11/9/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-46135

CVE-2023-46135: stellar-strkey vulnerable to panic in SignedPayload::from_payload

Impact

Panic vulnerability when a specially crafted payload is used. This is because of the following calculation:

inner_payload_len + (4 - inner_payload_len % 4) % 4

If inner_payload_len is 0xffffffff, (4 - inner_payload_len % 4) % 4 = 1 so

inner_payload_len + (4 - inner_payload_len % 4) % 4 = u32::MAX + 1

which overflow.

Patches

Check that inner_payload_len is not above 64 which should never be the case. Patched in version 0.0.8

Workarounds

Sanitize input payload before it is passed to the vulnerable function so that bytes in payload[32..32+4] and parsed as a u32 is not above 64.

References

GitHub issue #58

(GitHub Advisory)

5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-46135

GHSA ID

GHSA-5873-6fwq-463f

EPSS Score

0.38709%

CWE

CWE-248

Published

10/25/2023

Updated

11/9/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
stellar-strkey	rust	< 0.0.8	0.0.8

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests in the from_payload constructor of SignedPayload, as shown in the commit diff modifying src/ed25519.rs. The added MAX_INNER_PAYLOAD_LENGTH check and test case in tests/tests.rs explicitly target this function. The arithmetic operation's overflow potential is directly addressed by the patch, confirming this as the vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t P*ni* vuln*r**ility w**n * sp**i*lly *r**t** p*ylo** is us**. T*is is ****us* o* t** *ollowin* **l*ul*tion: ```rust inn*r_p*ylo**_l*n + (* - inn*r_p*ylo**_l*n % *) % * ``` I* `inn*r_p*ylo**_l*n` is `*x********`, `(* - inn*r_p*ylo**_l*n %

Reasoning

T** vuln*r**ility m*ni**sts in t** `*rom_p*ylo**` *onstru*tor o* Si*n**P*ylo**, *s s*own in t** *ommit *i** mo*i*yin* sr*/*******.rs. T** ***** M*X_INN*R_P*YLO**_L*N*T* ****k *n* t*st **s* in t*sts/t*sts.rs *xpli*itly t*r**t t*is *un*tion. T** *rit*m

5.3

Basic Information

Concerned about an active attack path?

CVE-2023-46135: stellar-strkey vulnerable to panic in SignedPayload::from_payload

Impact

Patches

Workarounds

References

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI