RUSTSEC-2024-0402: Borsh serialization of HashMap is non-canonical


> Borsh serialization of HashMap is non-canonical

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `hashbrown`                      |
| Version             | `0.15.0`                   |
| URL                 | [https://github.com/rust-lang/hashbrown/issues/576](https://github.com/rust-lang/hashbrown/issues/576) |
| Date                | 2024-10-11                         |
| Patched versions    | `>=0.15.1`                  |
| Unaffected versions | `<0.15.0`               |

The borsh serialization of the HashMap did not follow the borsh specification.
It potentially produced non-canonical encodings dependent on insertion order.
It also did not perform canonicty checks on decoding.

This can result in consensus splits and cause equivalent objects to be
considered distinct.

This was patched in 0.15.1.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2024-0402.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2024-0402: Borsh serialization of HashMap is non-canonical #4971

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`hashbrown`
Version	`0.15.0`
URL	rust-lang/hashbrown#576
Date	2024-10-11
Patched versions	`>=0.15.1`
Unaffected versions	`<0.15.0`

RUSTSEC-2024-0402: Borsh serialization of HashMap is non-canonical #4971

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions