GitLab

When we're parsing microdescriptors, we don't clear the dynamically allocated part of the tokens after parsing. This can leak memory if the microdescriptors are badly formed.

This can enable a comparatively slow denial of service (on the order of several MB per MD download request made to a hostile source), and needs to be patched.

Found as a needle in the haystack of #11618 (moved).