VYPR

crates.io package

candid

pkg:cargo/candid

Vulnerabilities (1)

  • CVE-2023-6245Dec 8, 2023
    affected >= 0.9.0, < 0.9.10fixed 0.9.10

    The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field re