GHSA-j3px-q95c-9683: zlib-rs stack overflow during decompression with malicious input

November 14, 2024 (updated December 4, 2024)

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash.

References

github.com/advisories/GHSA-j3px-q95c-9683
github.com/trifectatechfoundation/zlib-rs
github.com/trifectatechfoundation/zlib-rs/security/advisories/GHSA-j3px-q95c-9683
rustsec.org/advisories/RUSTSEC-2024-0401.html

Code Behaviors & Features

Detect and mitigate GHSA-j3px-q95c-9683 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →