stepancheg/rust-protobuf
Releases116
Frequency3 weeks 6 days
Last Release
Stars2.98K
Rust implementation of Google protocol buffers
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| — | 5.9 MEDIUM | — | ||
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. | ||||
| < 1.7.5, >= 2.0.0, < 2.6.0 | 7.5 HIGH | 5 MEDIUM | ||
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. | ||||