RUSTSEC-2019-0003

Out of Memory in stream::read_raw_bytes_into()

Issued
Package
protobuf (crates.io)
Type
Vulnerability
Categories
  • denial-of-service
Aliases
Details
https://github.com/stepancheg/rust-protobuf/issues/411
Patched
  • ^1.7.5
  • >=2.6.0
Keywords
  • oom
  • panic
Affected Functions (Version)
  • protobuf::stream::read_raw_bytes_into (<2.6.0)

Description

Affected versions of this crate called Vec::reserve() with a size taken from user-supplied input.

This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data.
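
The allocation pattern described above next to a bounded alternative, as an added example that is not the crate's code or its actual patch. The function names, the `READ_CHUNK` value and the sample input are assumptions made for illustration.

```rust
use std::io::{self, Read};

// Assumed cap on how far the buffer may grow ahead of bytes actually received.
const READ_CHUNK: usize = 8 * 1024;

// Pattern the advisory describes: the declared length goes straight into
// Vec::reserve(), so a short header can request an arbitrarily large allocation.
#[allow(dead_code)]
fn read_declared_unbounded<R: Read>(src: &mut R, declared: usize, out: &mut Vec<u8>) -> io::Result<()> {
    out.reserve(declared); // size chosen entirely by the sender
    src.by_ref().take(declared as u64).read_to_end(out)?;
    Ok(())
}

// Hardened form: memory grows only with bytes that really arrive.
fn read_declared_bounded<R: Read>(src: &mut R, declared: usize, out: &mut Vec<u8>) -> io::Result<()> {
    let mut chunk = [0u8; READ_CHUNK];
    let mut remaining = declared;
    while remaining > 0 {
        let want = remaining.min(READ_CHUNK);
        let got = src.read(&mut chunk[..want])?;
        if got == 0 {
            // Sender declared more than it delivered: reject instead of allocating.
            return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "declared length exceeds input"));
        }
        out.extend_from_slice(&chunk[..got]);
        remaining -= got;
    }
    Ok(())
}

fn main() {
    // Constructed input: 5 payload bytes behind a declared length of 1 TiB.
    let mut src: &[u8] = b"hello";
    let mut out = Vec::new();
    let res = read_declared_bounded(&mut src, 1usize << 40, &mut out);
    println!("result={:?} len={} capacity={}", res.map_err(|e| e.kind()), out.len(), out.capacity());
}
```

A parser that knows its protocol's maximum message size can additionally reject any declared length above that limit before reading.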
