{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T05:51:15.723","vulnerabilities":[{"cve":{"id":"CVE-2026-29795","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T21:16:15.950","lastModified":"2026-06-17T10:29:54.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::from_str does not validate that the input length is within the declared maximum (MAX). Calling StringM::<N>::from_str(s) where s is longer than N bytes succeeds and returns an Ok value instead of Err(Error::LengthExceedsMax), producing a StringM that violates its length invariant. This affects any code that constructs StringM values from string input using FromStr (including str::parse), and relies on the type's maximum length constraint being enforced. An oversized StringM could propagate through serialization, validation, or other logic that assumes the invariant holds. This issue has been patched in version 25.0.1."},{"lang":"es","value":"stellar-xdr es una librería y CLI que contiene tipos y funcionalidades para trabajar con Stellar XDR. Antes de la versión 25.0.1, StringM::from_str no valida que la longitud de entrada esté dentro del máximo declarado (MAX). Llamar a StringM::<N>::from_str(s) donde s es más largo que N bytes tiene éxito y devuelve un valor Ok en lugar de Err(Error::LengthExceedsMax), produciendo un StringM que viola su invariante de longitud. Esto afecta a cualquier código que construye valores StringM a partir de una entrada de cadena usando FromStr (incluyendo str::parse), y que depende de que se aplique la restricción de longitud máxima del tipo. Un StringM sobredimensionado podría propagarse a través de la serialización, la validación u otra lógica que asume que el invariante se mantiene. Este problema ha sido parcheado en la versión 25.0.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"stellar","product":"rs-stellar-xdr","versions":[{"version":"< 25.0.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-09T20:49:57.353796Z","id":"CVE-2026-29795","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:stellar:stellar-xdr:*:*:*:*:*:rust:*:*","versionEndExcluding":"25.0.1","matchCriteriaId":"7DF08E48-746E-4AAE-B4F6-E9E8DE28E1B9"}]}]}],"references":[{"url":"https://github.com/stellar/rs-stellar-xdr/commit/1f840013c3e2fca0321fb844b048afa01d10dda6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/stellar/rs-stellar-xdr/issues/499","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/stellar/rs-stellar-xdr/pull/500","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/stellar/rs-stellar-xdr/security/advisories/GHSA-x57h-xx53-v53w","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}}]}