Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-62370

Good to know:

icon
icon

Date: October 15, 2025

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash(). Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible. The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version v1.4.1 and backported to v0.8.26.

Severity Score

Related Resources (9)

https://github.com/alloy-rs/core/security/advisories/GHSA-pgp9-98jm-wwq2
https://crates.io/crates/alloy-dyn-abi
https://crates.io/crates/alloy-dyn-abi/0.8.26
https://github.com/alloy-rs/core/commit/7823e9af8c20e9fcfb5360f5eafd891c457ebccf
https://nvd.nist.gov/vuln/detail/CVE-2025-62370
https://crates.io/crates/alloy-dyn-abi/1.4.1
https://github.com/alloy-rs/core
https://rustsec.org/advisories/RUSTSEC-2025-0073.html
https://www.mend.io/vulnerability-database/CVE-2025-62370

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Uncaught Exception

CWE-248

Top Fix

icon

Upgrade Version

Upgrade to version alloy-dyn-abi - 0.8.26;alloy-dyn-abi - 1.4.1;https://github.com/alloy-rs/core.git - v0.8.26;https://github.com/alloy-rs/core.git - v1.4.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us