CNNVD-202601-4635 Information
CNNVD ID
CNNVD-202601-4635
Related CVE
-
CNNVD Published: 2026-01-28
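Description (translated from Chinese)
rs-soroban-sdk is an open-source Rust developer toolkit from Stellar. rs-soroban-sdk 25.0.1 and earlier, 23.5.1 and earlier, and 25.0.2 and earlier contain an input validation error vulnerability. The vulnerability stems from arithmetic overflow in the Bytes::slice, Vec::slice and Prng::gen_range methods, which may cause operations on the wrong data range or generation of random numbers in an unintended range, thereby corrupting contract state.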
Description (English)
rs-soroban-sdk is an open-source Rust developer toolkit from Stellar. rs-soroban-sdk 25.0.1 and earlier, 23.5.1 and earlier, and 25.0.2 and earlier have an input validation error. It stems from arithmetic overflow in the Bytes::slice, Vec::slice and Prng::gen_range methods, which may lead to operating on the wrong data range or generating random numbers in an unexpected range, thereby corrupting contract state.
Hazard Level
High
Vulnerability Type
Input validation error
Affected Vendor
Stellar
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38
https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e
https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462
https://github.com/stellar/rs-soroban-sdk/pull/1703
https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9
https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1
https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2
https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f
Patch
https://github.com/stellar/rs-soroban-sdk/releases