- Reported
-
- Issued
-
- Package
-
prost-types (crates.io)
- Type
-
Vulnerability
- Categories
-
- Keywords
-
#denial-of-service
- Aliases
-
- Details
-
https://github.com/tokio-rs/prost/issues/438
- Patched
-
- Affected Functions
- Version
prost_types::Timestamp::Into<SystemTime>
-
Description
Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime.
It is recommended to upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.
See #438 for more information.