CVE-2024-44073: 
Rust vulnerability analysis and mitigation

The Miniscript (aka rust-miniscript) library before version 12.2.0 for Rust contains a vulnerability related to improper tree depth tracking. The vulnerability was discovered and disclosed in August 2024, affecting all versions of the library prior to 12.2.0. The issue specifically impacts the Rust implementation of Miniscript, which is used for Bitcoin script operations (NVD).

The vulnerability stems from improper tracking of tree depth in the Miniscript library. The issue occurs because the library does not properly track tree depth during operations, which can lead to stack consumption. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited remotely without requiring privileges or user interaction (NVD).

The primary impact of this vulnerability is the potential for stack overflow conditions due to uncontrolled tree depth. This can lead to denial of service conditions when processing certain Miniscript operations. The vulnerability affects availability but does not impact confidentiality or integrity of the system (NVD).

The vulnerability has been fixed in Miniscript version 12.2.0. Users are advised to upgrade to this version or later to address the security issue. The fix involves implementing proper tree depth tracking mechanisms to prevent stack overflow conditions (Github PR).