The vulnerability is a denial of service caused by a panic when processing a specially crafted, undersized UDP packet. The root cause lies in the message parsing logic, which did not properly validate buffer lengths before accessing the data.
The primary function involved in the exploitation of this vulnerability is rosenpass::protocol::CryptoServer::handle_msg. This function acts as the main handler for all incoming network messages. It takes the raw byte slice from a UDP packet and passes it to more specific parsing functions.
The actual bug was in a macro named data_lense! located in rosenpass/src/msgs.rs. This macro generates parsing functions (like envelope, init_hello, etc.) for different message types. Before the fix, these generated functions did not check whether the input buffer was long enough for the message type they were supposed to parse. Consequently, when handle_msg received a packet that was too small (e.g., one byte) and passed it to one of these parsing functions, the function indexed past the end of the slice; Rust's bounds check turns that out-of-bounds access into a panic, which crashed the service.
The patch addresses this by modifying the data_lense! macro to insert a size check at the beginning of each generated parsing function, ensuring that any undersized packets are rejected with an error instead of causing a crash.
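The pattern described above, as an added example that is not rosenpass's own code: a small `data_lens!` macro (a stand-in for the project's data_lense!, not its real definition) generates zero-copy views over a UDP payload. Each generated type gets an unchecked constructor mirroring the pre-fix behaviour and a checked constructor that mirrors the fix by validating the buffer length up front. The message layouts (an 8-byte `Envelope`, a 16-byte `InitHello`), the `ParseError` type and the `handle_msg` dispatcher are all constructed for this illustration and are not the project's real wire format.

```rust
use std::panic;

/// Error returned instead of panicking when a packet is shorter than its layout requires.
/// (Constructed for this example; not the project's error type.)
#[derive(Debug, PartialEq)]
pub enum ParseError {
    TooShort { need: usize, got: usize },
}

/// Hypothetical stand-in for the project's lens-generating macro.
/// Every generated type gets a fixed layout size, an unchecked constructor
/// (the pre-fix behaviour) and a checked constructor (the fixed behaviour).
macro_rules! data_lens {
    ($name:ident, $len:expr) => {
        pub struct $name<'a> {
            bytes: &'a [u8],
        }

        impl<'a> $name<'a> {
            /// Minimum number of bytes this message layout occupies.
            pub const LEN: usize = $len;

            /// Pre-fix behaviour: no length validation, so any accessor
            /// that indexes past the end of an undersized slice panics.
            pub fn new_unchecked(bytes: &'a [u8]) -> Self {
                $name { bytes }
            }

            /// Post-fix behaviour: the size check is inserted at the start
            /// of the generated constructor, so undersized input is rejected
            /// with an error before any field is touched.
            pub fn new(bytes: &'a [u8]) -> Result<Self, ParseError> {
                if bytes.len() < Self::LEN {
                    return Err(ParseError::TooShort { need: Self::LEN, got: bytes.len() });
                }
                Ok($name { bytes })
            }
        }
    };
}

// Constructed layouts: an 8-byte envelope and a 16-byte init_hello message.
data_lens!(Envelope, 8);
data_lens!(InitHello, 16);

impl<'a> Envelope<'a> {
    /// Byte 0: message type (constructed layout).
    pub fn msg_type(&self) -> u8 {
        self.bytes[0]
    }

    /// Bytes 4..8: big-endian session id (constructed layout).
    /// On an unchecked 1-byte lens this slice index is what panics.
    pub fn session_id(&self) -> u32 {
        let mut id = [0u8; 4];
        id.copy_from_slice(&self.bytes[4..8]);
        u32::from_be_bytes(id)
    }
}

/// Dispatcher in the spirit of handle_msg: parse the envelope, then the
/// type-specific message. Every parse step propagates ParseError instead of panicking.
pub fn handle_msg(pkt: &[u8]) -> Result<&'static str, ParseError> {
    let env = Envelope::new(pkt)?;
    match env.msg_type() {
        1 => {
            InitHello::new(pkt)?;
            Ok("init_hello")
        }
        _ => Ok("other"),
    }
}

fn main() {
    // Constructed well-formed packet: type 1, session id 0xdeadbeef, 16 bytes total.
    let mut ok = [0u8; 16];
    ok[0] = 1;
    ok[4..8].copy_from_slice(&[0xde, 0xad, 0xbe, 0xef]);
    println!("well-formed: {:?}", handle_msg(&ok));

    // Undersized one-byte packet: the checked path returns an error.
    println!("one byte (checked): {:?}", handle_msg(&[1u8]));

    // The same packet through the unchecked lens panics, as before the fix.
    let crashed = panic::catch_unwind(|| Envelope::new_unchecked(&[1u8]).session_id()).is_err();
    println!("one byte (unchecked) panicked: {}", crashed);
}
```

The check lives in the generated constructor rather than in each accessor, so a message type cannot be instantiated at all unless the whole fixed layout is present; accessors can then index freely without repeating the bound. A type-1 packet that carries a complete envelope but not a complete init_hello is likewise rejected at the second lens, which is the case a check on the envelope alone would miss.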