CVE-2023-53157
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-08-07
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rosenpass | rosenpass | up to 0.2.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-130 | The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Rust crate "rosenpass" versions before 0.2.1 allows remote attackers to cause a denial of service (DoS) by sending a specially crafted UDP packet containing only one byte. The affected versions do not properly validate buffer sizes when decoding incoming messages, which leads to a panic (crash) in the application. The root cause is improper handling of buffer sizes during message decoding, specifically accepting buffers that do not match the expected size, causing the program to crash. [1, 3]
How can this vulnerability impact me?
This vulnerability can be exploited remotely without any privileges or user interaction to cause a denial of service (DoS) by crashing the application using the rosenpass crate. This results in an availability impact where the affected service or application becomes unresponsive or stops functioning correctly until restarted or fixed. The attack is simple to perform by sending a one-byte UDP packet, making it a low complexity, network-based attack. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for UDP datagrams with a single-byte payload sent to systems running vulnerable versions of the rosenpass crate (prior to 0.2.1). Detection can involve capturing and inspecting UDP traffic for such datagrams. For example, using tcpdump or Wireshark to filter for UDP datagrams carrying exactly one payload byte can help identify potential exploit attempts. Because the UDP length field (bytes 4 and 5 of the UDP header) counts the 8-byte header plus the payload, a one-byte payload gives a length of 9, so a sample tcpdump command is: tcpdump -i <interface> 'udp[4:2] = 9' (append 'and dst port <rosenpass-port>' to limit the capture to the port the rosenpass listener is bound to). Additionally, monitoring application logs for panics or crashes related to message decoding in rosenpass can indicate exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the rosenpass crate to version 0.2.1 or later, where the vulnerability is fixed by proper buffer size validation before decoding messages. This update prevents the panic caused by one-byte UDP packets. If upgrading is not immediately possible, implementing network-level filtering to block or rate-limit suspicious UDP packets with very small payloads targeting the affected service can reduce exposure. Additionally, monitoring and alerting on application crashes or panics related to message decoding can help in early detection and response. [1, 2, 3]
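As an added illustration of the CWE-130 bug class described in the explanation answer above and of the size-check fix named in the mitigation answer (this is not rosenpass code; the wire layout, type codes and function names are constructed assumptions), a minimal Rust datagram decoder in the vulnerable shape beside a size-checked version:

```rust
// Constructed illustration of CWE-130 in a UDP message decoder.
// Not rosenpass code: the layout (byte 0 = message type, then a fixed-size
// body) and the type codes are assumptions made for this example.

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    Empty,
    TruncatedBody { msg_type: u8, need: usize, have: usize },
    UnknownType(u8),
}

/// Expected total datagram length for each (constructed) message type.
fn expected_len(msg_type: u8) -> Option<usize> {
    match msg_type {
        1 => Some(1 + 32),
        2 => Some(1 + 48),
        _ => None,
    }
}

/// Vulnerable pattern: trusts the type byte and slices the fixed-size body
/// without checking that the datagram is actually that long. A one-byte
/// datagram makes the slice range exceed the buffer and the process panics.
pub fn decode_vulnerable(buf: &[u8]) -> &[u8] {
    let len = expected_len(buf[0]).unwrap_or(buf.len());
    &buf[1..len] // index out of range when buf.len() < len
}

/// Hardened pattern: validate the buffer size before slicing and return an
/// error instead of panicking, so a malformed datagram is simply dropped.
pub fn decode_checked(buf: &[u8]) -> Result<(u8, &[u8]), DecodeError> {
    let &msg_type = buf.first().ok_or(DecodeError::Empty)?;
    let need = expected_len(msg_type).ok_or(DecodeError::UnknownType(msg_type))?;
    if buf.len() != need {
        return Err(DecodeError::TruncatedBody { msg_type, need, have: buf.len() });
    }
    Ok((msg_type, &buf[1..need]))
}

fn main() {
    let crafted = [1u8]; // constructed one-byte datagram
    // decode_vulnerable(&crafted) would panic; the checked decoder rejects it:
    println!("{:?}", decode_checked(&crafted));
    let valid = { let mut v = vec![2u8]; v.extend([0u8; 48]); v };
    println!("{:?}", decode_checked(&valid).map(|(t, b)| (t, b.len())));
}
```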