RUSTSEC-2023-0095

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2023-0095
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0095.json
JSON Data
https://api.test.osv.dev/v1/vulns/RUSTSEC-2023-0095
Aliases
Published
2023-08-03T12:00:00Z
Modified
2025-12-22T22:56:03.234772Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Invalid Slice Split Results in Server Panic
Details

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients.

Impact

An attacker with knowledge of this vulnerability could craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.

Patches

Users are encouraged to update their odoh-rs's rust crate to v1.0.2.

Database specific 
{
    "license": "CC-BY-4.0"
}
References

Affected packages

crates.io / odoh-rs

Package

Name
odoh-rs
View open source insights on deps.dev
Purl
pkg:cargo/odoh-rs

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
1.0.2

Ecosystem specific 

{
    "affects": {
        "os": [],
        "arch": [],
        "functions": []
    },
    "affected_functions": null
}

Database specific

source 
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0095.json"
categories 
[
    "denial-of-service"
]
informational 
null
cvss 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"