Executive Summary

CVE-2026-29795 is a moderate severity vulnerability in the Rust crate stellar-xdr affecting versions up to 25.0.0. The issue is in the StringM::from_str method, which fails to enforce the maximum length constraint on input strings. Specifically, when calling StringM::<N>::from_str(s) with a string s longer than N bytes, the method incorrectly returns Ok instead of an error, resulting in a StringM instance that violates its length invariant.

This flaw impacts any code that constructs StringM values from string inputs using the FromStr trait (including str::parse) and relies on the maximum length validation. An oversized StringM can propagate through serialization, validation, or other logic that assumes the length invariant holds, potentially causing integrity issues.

The vulnerability was fixed in version 25.0.1 by changing the from_str implementation to route input through TryFrom<Vec<u8>>, which properly enforces the maximum length validation.

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can impact you by allowing the creation of StringM instances that exceed their declared maximum length, violating the type's length invariant."}, {'type': 'paragraph', 'content': 'Such oversized StringM values can propagate through serialization, validation, or other logic that assumes the length constraint is enforced, potentially leading to data integrity issues.'}, {'type': 'paragraph', 'content': 'While the vulnerability does not affect confidentiality or availability, it impacts integrity, meaning that data processed or stored may be corrupted or invalid due to the acceptance of oversized strings.'}] [1]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves the `StringM::from_str` method in the stellar-xdr Rust crate incorrectly accepting strings longer than the declared maximum length without error. Detection involves identifying if your code or system uses vulnerable versions of the stellar-xdr crate (up to and including 25.0.0) and if it constructs `StringM` values from string inputs using `FromStr` or `str::parse` without additional length validation.'}, {'type': 'paragraph', 'content': 'To detect the vulnerability on your system, you can check the version of the stellar-xdr crate in use. For Rust projects, run the following command in your project directory to see the version:'}, {'type': 'list_item', 'content': 'cargo tree | grep rs-stellar-xdr'}, {'type': 'paragraph', 'content': 'If the version is 25.0.0 or earlier, your system is vulnerable. Additionally, you can audit your code for usage of `StringM::from_str` or `str::parse::<StringM>` calls without manual length checks.'}, {'type': 'paragraph', 'content': 'As a manual test, you can attempt to parse an oversized string using `StringM::from_str` in a controlled environment to see if it incorrectly succeeds. For example, in a Rust test or REPL:'}, {'type': 'list_item', 'content': 'let result = StringM::<3>::from_str("hello"); // "hello" is 5 bytes, exceeding max length 3'}, {'type': 'list_item', 'content': 'assert!(result.is_err()); // In vulnerable versions, this incorrectly returns Ok'}] [1, 4]

Useful 0 Not Useful 0

Mitigation Strategies

The primary and recommended mitigation is to upgrade the stellar-xdr crate to version 25.0.1 or later, where the vulnerability has been fixed by enforcing maximum length validation in `StringM::from_str`.

If upgrading immediately is not possible, you can apply the following workarounds:

• Manually validate the byte length of input strings before calling `StringM::from_str` to ensure they do not exceed the maximum allowed length.
• Use `StringM::try_from(s.as_bytes().to_vec())` instead of `StringM::from_str(s)`, as `try_from` correctly enforces the length constraint.

Review your codebase for any usage of `StringM::from_str` or `str::parse::<StringM>` and replace or guard these calls accordingly.

Useful 0 Not Useful 0