crates.io package
candid
pkg:cargo/candid
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-6245 | — | | | >= 0.9.0, < 0.9.10 | 0.9.10 | Dec 8, 2023 | The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field re |