RUSTSEC-2019-0003: protobuf: Out of Memory in stream::read_raw_bytes_into()

Description

Affected versions of this crate called Vec::reserve() on user-supplied input.

This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data.

More Info

https://github.com/stepancheg/rust-protobuf/issues/411

Patched Versions