Intel

AIKIDO-2026-296415

der is vulnerable to Denial of Service (DoS)

Denial of Service (DoS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 2 days ago

53

Medium Risk

This Affects:

RUSTder
0.6.0 - 0.8.0
Fixed in 0.8.1
Are you affected? Scan for Free

TL;DR

The der crate sorts the elements of a DER SET OF at decode time using a hand-rolled insertion sort in der_sort. That sort runs in O(n^2) time, so a crafted reverse-sorted SET OF forces roughly n(n-1)/2 comparisons and swaps on every SetOfVec or heapless SetOf decode. An attacker who supplies untrusted DER, such as a certificate parsed through x509-cert or a CMS structure, can make a single decode consume large amounts of CPU time and cause denial of service. The fix replaces the insertion sort with an in-place O(n log n) sort_unstable_by while preserving DER ordering and duplicate handling.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application decodes untrusted DER-encoded SET OF values, for example when parsing X.509 certificates or CMS structures.

Background info

der is vulnerable to Denial of Service (DoS) in versions 0.6.0 - 0.8.0.

How to fix this

Upgrade the der library to the patch version.