The vulnerability exists in the CEL expression parser within the cel-rust crate. When parsing specially crafted, malformed CEL expressions, the parser encounters a code path that was marked as unreachable (unreachable!() macro). This occurs during the traversal of the parse tree generated by the ANTLR4 parser. Specifically, when processing an invalid function call syntax like `x(1,` with a missing argument and closing parenthesis, the visitor pattern implementation for the `UnaryContext` node fails to handle this unexpected structure. This triggers a panic in the Rust runtime because the code executes a branch the developers assumed was impossible, leading to an immediate termination of the process and a Denial of Service condition.
Platform: cel-rust crate
Version: < 0.11.4
Vulnerability: Parser Panic
Severity: Medium
Date: 2023-XX-XX
Prediction: Patch available
What Undercode Say:
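Update the dependency: cargo update cel
Input that triggers the panic on versions before 0.11.4: let program = Program::compile("x(1,").unwrap();
Fixed version to pin in Cargo.toml: cel = "0.11.4"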
How Exploit:
Craft malformed CEL expression.
Send via user input.
Trigger unreachable code panic.
Protection from this CVE
Upgrade cel crate.
Validate input expressions.
Use fuzzing tests.
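The failure pattern described above, as an added example that is not cel-rust's code: a visitor arm marked unreachable!() next to the same arm returning an error, plus a catch_unwind wrapper as a stopgap until the upgrade is deployed. The Node type, the function names and the sample tree are assumptions constructed for illustration.

```rust
use std::panic;

// Constructed model of a parse tree; these are not cel-rust's real types.
// A recovering parser still returns a tree for bad input, with error nodes.
#[derive(Debug)]
enum Node {
    Int(i64),
    Call { name: String, args: Vec<Node> },
    Error(String), // placeholder left where a token was missing
}

// "Before": the visitor assumes error nodes can never reach it.
fn lower_unchecked(n: &Node) -> String {
    match n {
        Node::Int(v) => v.to_string(),
        Node::Call { name, args } => {
            let a: Vec<String> = args.iter().map(lower_unchecked).collect();
            format!("{}({})", name, a.join(", "))
        }
        Node::Error(_) => unreachable!("parser never yields error nodes"),
    }
}

// "After": the same arm reports malformed input as an ordinary error.
fn lower(n: &Node) -> Result<String, String> {
    match n {
        Node::Int(v) => Ok(v.to_string()),
        Node::Call { name, args } => {
            let a = args.iter().map(lower).collect::<Result<Vec<_>, _>>()?;
            Ok(format!("{}({})", name, a.join(", ")))
        }
        Node::Error(tok) => Err(format!("malformed expression near {:?}", tok)),
    }
}

// Stopgap for an unpatched dependency: convert the panic into an error.
// Has no effect if the binary is built with panic = "abort".
fn lower_contained(n: &Node) -> Result<String, String> {
    panic::catch_unwind(|| lower_unchecked(n)).map_err(|_| "parser panicked".to_string())
}

// Constructed tree for the page's input `x(1,`: second argument is missing.
fn malformed() -> Node {
    Node::Call { name: "x".into(), args: vec![Node::Int(1), Node::Error("<EOF>".into())] }
}

fn main() {
    println!("{:?}", lower(&malformed()));
    println!("{:?}", lower_contained(&malformed()));
}
```

The same split works as a fuzzing oracle: any input that makes the unchecked path panic while the checked path returns Err marks an arm that still needs an error return.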
Impact:
Application crash.
Denial of Service.
Service unavailability.
Sources:
Reported By: github.com

