High severityNVD Advisory· Published Apr 1, 2021· Updated Aug 3, 2024
CVE-2021-29932
CVE-2021-29932
Description
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
parse_durationcrates.io | <= 2.1.1 | — |
Affected products
4- parse_duration/parse_durationdescription
- osv-coords3 versions
< 1.3.0-r1+ 2 more
- (no CPE)range: < 1.3.0-r1
- (no CPE)range: < 2.1.0-r1
- (no CPE)range: <= 2.1.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-qpgv-g792-wh6xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-29932ghsaADVISORY
- github.com/zeta12ti/parse_duration/issues/21ghsaWEB
- rustsec.org/advisories/RUSTSEC-2021-0041.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.