smol-toml 1.6.1 Patches Stack Overflow Vulnerability in TOML Parser (GHSA-v3rj-xjv7-4jmq)
A widely used Rust library for parsing TOML configuration files has patched a security flaw that could allow an attacker to crash applications. The vulnerability, tracked as GHSA-v3rj-xjv7-4jmq, exists in smol-toml versions prior to 1.6.1. The issue stems from unrestricted recursion when processing a maliciously crafted TOML document containing thousands of successive commented lines, which can trigger a stack overflow error and cause a denial-of-service condition.
The patch was released in smol-toml version 1.6.1. The fix changes the parsing logic so that recursion depth can no longer exceed safe limits. This type of vulnerability is significant because TOML is a common configuration format for Rust applications, and a parser crash could disrupt services or be leveraged as part of a broader attack chain. The advisory was published through the GitHub Security Advisory system, indicating formal recognition of the risk.
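The defect class the advisory describes, and the shape of the fix, as an added example written in JavaScript that is not smol-toml's own code: a toy `key = value` reader whose comment-skipping recurses once per line (one stack frame per comment, so a long run of comments exhausts the stack) beside the iterative form, both run over a constructed document with a long run of comment lines. The function names and the document builder are assumptions made for this illustration.

```javascript
// Vulnerable pattern: recursing once per blank/comment line means every
// consecutive comment adds a stack frame, so enough of them exhaust the stack.
function skipVoidRecursive(lines, i) {
  if (i >= lines.length) return i;
  const line = lines[i].trim();
  if (line === '' || line.startsWith('#')) return skipVoidRecursive(lines, i + 1);
  return i;
}
// Hardened form: a loop uses constant stack space whatever the input length.
function skipVoidIterative(lines, i) {
  while (i < lines.length) {
    const line = lines[i].trim();
    if (line !== '' && !line.startsWith('#')) break;
    i++;
  }
  return i;
}
// Toy reader for `key = value` lines (quoted strings and numbers only),
// parameterised on the skipping strategy so both variants see the same input.
function parseKeyValues(text, skipVoid) {
  const lines = text.split('\n');
  const out = {};
  for (let i = 0; ; i++) {
    i = skipVoid(lines, i);
    if (i >= lines.length) return out;
    const eq = lines[i].indexOf('=');
    if (eq === -1) throw new SyntaxError(`line ${i + 1}: expected key = value`);
    const key = lines[i].slice(0, eq).trim();
    const raw = lines[i].slice(eq + 1).trim();
    out[key] = raw.startsWith('"') ? raw.slice(1, -1) : Number(raw);
  }
}
// Reports the outcome instead of letting a stack overflow (a RangeError in V8)
// propagate, so a caller can see which variant fails on hostile input.
function tryParse(text, skipVoid) {
  try {
    return { ok: true, value: parseKeyValues(text, skipVoid) };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}
// Constructed input: a long run of comment lines ahead of two ordinary pairs.
function buildDocument(commentLines) {
  const lines = [];
  for (let n = 0; n < commentLines; n++) lines.push(`# filler ${n}`);
  lines.push('name = "demo"', 'port = 8080');
  return lines.join('\n');
}
```

Running both variants over `buildDocument(200000)` shows the recursive skipper failing with a RangeError while the iterative one returns the two pairs; the same input is harmless to a parser with bounded stack use.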
Projects depending on smol-toml must update to version 1.6.1 or later to mitigate this risk. While the advisory describes it as a 'minor' vulnerability, any stack overflow condition represents a tangible stability and security threat, especially for applications that parse untrusted TOML input. This update is part of the routine but critical maintenance required to secure software supply chains against such edge-case exploits.