Skip to content

DoS vulnerability: Malformed Resource Identifiers

Moderate
comawill published GHSA-3xvh-x964-572h Mar 11, 2022

Package

wire-ios-transport (wire)

Affected versions

<=84.1.0

Patched versions

84.1.1

Description

Impact

Malformed resource identifiers may cause a crash in library code, which is used for removing sensible tokens before logging may fail and lead to a crash (Swift exception) of the application.

This causes undesirable behavior, however the (greater) Wire system is still functional.

Patches

References

Credits

Reported by Kane Gamble (Blackfoot UK)

Severity

Moderate
6.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE ID

No known CVE

Weaknesses

No CWEs