From c33a71055135f0f6d9eab92286cecff9ed904c58 Mon Sep 17 00:00:00 2001
From: Luca <15819264+lcnz@users.noreply.github.com>
Date: Thu, 15 Aug 2024 15:33:44 +0200
Subject: [PATCH] add alloy-json-abi stack-overflow (#2033)

---
 crates/alloy-json-abi/RUSTSEC-0000-0000.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 crates/alloy-json-abi/RUSTSEC-0000-0000.md

diff --git a/crates/alloy-json-abi/RUSTSEC-0000-0000.md b/crates/alloy-json-abi/RUSTSEC-0000-0000.md
new file mode 100644
index 000000000..b828da6e4
--- /dev/null
+++ b/crates/alloy-json-abi/RUSTSEC-0000-0000.md
@@ -0,0 +1,19 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "alloy-json-abi"
+date = "2024-07-30"
+url = "https://github.com/alloy-rs/core/issues/702"
+keywords = ["stack-overflow"]
+
+[versions]
+patched = [">= 0.7.7"]
+```
+
+# Stack overflow when parsing specially crafted JSON ABI strings
+
+Affected versions of the `alloy-json-abi` crate did not properly handle parsing of malformatted JSON ABI strings. The `JsonAbi::parse` method can be tricked into a stack overflow when processing specially crafted input.
+
+This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service.
+
+The flaw was corrected in commit 4790c47.