Rosenpass Crate Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Rosenpass crate for Rust, affecting versions prior to 0.2.1. The crate does not check that a received buffer is at least as large as the message it is about to decode, so a remote, unauthenticated attacker who can reach the Rosenpass UDP port can trigger a panic by sending a single one-byte UDP datagram. The vulnerability has been addressed in version 0.2.1.

Impact

Exploitation causes the process to panic, crashing the application and denying service to its peers. No authentication is needed, the datagram is trivial to send, and the attacker can repeat it after every restart, so an unsupervised instance stays down and a supervised one can be held in a crash loop.

Reproduction

To reproduce, send a UDP datagram with a one-byte payload to the UDP port of a Rosenpass instance running a vulnerable version. Any tool that can emit an arbitrary UDP datagram (for example netcat or a short script) suffices; the vulnerable process panics on receipt of the datagram.
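The decoder pattern behind this bug class and its hardened form, as an added example that is not Rosenpass's own code: the 1+32-byte message layout, the function names and the loopback probe are assumptions made for illustration, not the crate's real wire format. The unchecked decoder slices a fixed message length out of whatever arrived and panics on a one-byte datagram; the checked decoder validates the length first and returns an error the receive loop can log and drop.

```rust
use std::net::UdpSocket;
use std::time::Duration;

// Hypothetical fixed-size wire format used only for this illustration:
// a one-byte message type followed by a 32-byte body. Rosenpass's real
// message layouts differ; the point is the bug class, not the exact format.
const TYPE_LEN: usize = 1;
const BODY_LEN: usize = 32;
const MSG_LEN: usize = TYPE_LEN + BODY_LEN;

#[derive(Debug, PartialEq, Eq)]
pub enum DecodeError {
    /// Datagram shorter than the fixed message size.
    TooShort { got: usize, need: usize },
    /// Datagram longer than the fixed message size (trailing garbage).
    TooLong { got: usize, need: usize },
}

/// Vulnerable pattern: slices the buffer on the assumption that it holds a
/// complete message. With a one-byte datagram, `buf[TYPE_LEN..MSG_LEN]` is an
/// out-of-range slice and the thread panics, taking the daemon down.
pub fn decode_unchecked(buf: &[u8]) -> (u8, [u8; BODY_LEN]) {
    let msg_type = buf[0];
    let mut body = [0u8; BODY_LEN];
    body.copy_from_slice(&buf[TYPE_LEN..MSG_LEN]);
    (msg_type, body)
}

/// Hardened pattern: check the length before touching any byte and report a
/// recoverable error instead of panicking. Rejecting oversize datagrams as
/// well keeps the parser strict about the fixed-size format.
pub fn decode_checked(buf: &[u8]) -> Result<(u8, [u8; BODY_LEN]), DecodeError> {
    if buf.len() < MSG_LEN {
        return Err(DecodeError::TooShort { got: buf.len(), need: MSG_LEN });
    }
    if buf.len() > MSG_LEN {
        return Err(DecodeError::TooLong { got: buf.len(), need: MSG_LEN });
    }
    let mut body = [0u8; BODY_LEN];
    body.copy_from_slice(&buf[TYPE_LEN..MSG_LEN]);
    Ok((buf[0], body))
}

/// Receive-loop body for a hypothetical server: malformed input is logged and
/// dropped, and the loop keeps serving. Returns the message type on success,
/// None if the datagram was rejected.
pub fn handle_datagram(buf: &[u8]) -> Option<u8> {
    match decode_checked(buf) {
        Ok((msg_type, _body)) => Some(msg_type), // a real server dispatches here
        Err(e) => {
            eprintln!("dropping malformed datagram: {:?}", e);
            None
        }
    }
}

/// Loopback reproduction of the probe: a client sends a single 0x41 byte to a
/// local UDP listener, which runs it through the checked decoder. Returns the
/// received length and the handler's verdict (None = dropped, no panic).
pub fn loopback_one_byte_probe() -> std::io::Result<(usize, Option<u8>)> {
    let server = UdpSocket::bind("127.0.0.1:0")?;
    server.set_read_timeout(Some(Duration::from_secs(2)))?;
    let client = UdpSocket::bind("127.0.0.1:0")?;
    client.send_to(&[0x41], server.local_addr()?)?; // the one-byte probe
    let mut buf = [0u8; 1500];
    let (n, _src) = server.recv_from(&mut buf)?;
    Ok((n, handle_datagram(&buf[..n])))
}

fn main() -> std::io::Result<()> {
    let (n, verdict) = loopback_one_byte_probe()?;
    println!("received {n}-byte datagram, accepted message type = {verdict:?}");
    Ok(())
}
```

The check must come before any indexing of the buffer: a bounds check placed after the first slice is too late, because the slice itself is what panics. In a UDP server the whole receive loop should treat every datagram as attacker-controlled and never let a malformed one escape as a panic.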

Remediation

Upgrade to Rosenpass version 0.2.1 or later, which validates buffer sizes before decoding. Until the upgrade is deployed, reduce exposure by restricting which source addresses can reach the Rosenpass UDP port (for example with host firewall rules) and run the process under a supervisor that restarts it on crash; a restart policy only shortens each outage and does not stop an attacker who keeps sending the datagram.

Added: Jul 28, 2025, 12:19 AM
Updated: Jul 28, 2025, 12:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.