The Candid library causes a denial of service while parsing a specially crafted payload that contains the `empty` data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }`, the Rust candid decoder treats `empty` as an extra field required by the type. The problem is that the candid Rust library wrongly categorizes `empty` as a recoverable error when skipping the field, which causes an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service: decoding runs indefinitely until the canister traps on reaching the maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.
Published 2023-12-08 15:15:08
Updated 2023-12-13 14:41:10
Vulnerability category: Input validation, Denial of service

Products affected by CVE-2023-6245

Exploit prediction scoring system (EPSS) score for CVE-2023-6245

EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
Percentile: ~38% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2023-6245

  • Score Source: DFINITY Foundation
    Base Score: 7.5
    Base Severity: HIGH
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Exploitability Score: 3.9
    Impact Score: 3.6
  • Score Source: NIST
    Base Score: 7.5
    Base Severity: HIGH
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    Exploitability Score: 3.9
    Impact Score: 3.6

CWE ids for CVE-2023-6245

  • The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
    Assigned by: 6b35d637-e00f-4228-858c-b20ad6e1d07b (Secondary)
  • The product does not properly handle input in which an inconsistency exists between two or more special characters or reserved words.
    Assigned by: 6b35d637-e00f-4228-858c-b20ad6e1d07b (Secondary)
  • The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
    Assigned by:
    • 6b35d637-e00f-4228-858c-b20ad6e1d07b (Secondary)
    • nvd@nist.gov (Primary)
  • The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.
    Assigned by: 6b35d637-e00f-4228-858c-b20ad6e1d07b (Secondary)

References for CVE-2023-6245
