stepancheg/rust-protobuf

stepancheg/rust-protobuf

Releases116
Frequency3 weeks 6 days
Last Release
Stars2.98K
Rust implementation of Google protocol buffers

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
5.9 MEDIUM

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.

< 1.7.5, >= 2.0.0, < 2.6.07.5 HIGH5 MEDIUM

An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.