Impact
Two scenarios were reported where BigInt and BigUint multiplication may unexpectedly panic.
- The internal
mac3 function did not expect the possibility of non-empty all-zero inputs, leading to an unwrap() panic.
- A buffer was allocated with less capacity than needed for an intermediate result, leading to an assertion panic.
Rust panics can either cause stack unwinding or program abort, depending on the application configuration. In some settings, an unexpected panic may constitute a denial-of-service vulnerability.
Patches
Both problems were introduced in version 0.4.1, and are fixed in version 0.4.3.
For more information
If you have any questions or comments about this advisory, please open an issue in the num-bigint repo.
Acknowledgements
Thanks to Guido Vranken and Arvid Norberg for privately reporting these issues to the author.
References
guidovranken Analyst
arvidn Analyst
Impact
Two scenarios were reported where
BigIntandBigUintmultiplication may unexpectedly panic.mac3function did not expect the possibility of non-empty all-zero inputs, leading to anunwrap()panic.Rust panics can either cause stack unwinding or program abort, depending on the application configuration. In some settings, an unexpected panic may constitute a denial-of-service vulnerability.
Patches
Both problems were introduced in version 0.4.1, and are fixed in version 0.4.3.
For more information
If you have any questions or comments about this advisory, please open an issue in the num-bigint repo.
Acknowledgements
Thanks to Guido Vranken and Arvid Norberg for privately reporting these issues to the author.
References