CVE-2024-44073: Miniscript allows stack consumption
The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.
References
- github.com/advisories/GHSA-rv9v-r4vm-gj8x
- github.com/rust-bitcoin/rust-miniscript/commit/5b0f5e3417f027a22b066debf825dbe6644b575b
- github.com/rust-bitcoin/rust-miniscript/commit/8f54b5e3fb7129ed9fbed53f1cb9e6e62ea4c151
- github.com/rust-bitcoin/rust-miniscript/compare/11.2.0...12.2.0
- github.com/rust-bitcoin/rust-miniscript/pull/704
- github.com/rust-bitcoin/rust-miniscript/pull/712
- nvd.nist.gov/vuln/detail/CVE-2024-44073
Code Behaviors & Features
Detect and mitigate CVE-2024-44073 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →