RUSTSEC-2021-0073

Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic

Issued
Package
prost-types (crates.io)
Type
Vulnerability
Categories
Keywords
#denial-of-service
Details
https://github.com/tokio-rs/prost/issues/438
Patched
  • >=0.8.0
Affected Functions
  • prost_types::Timestamp::Into<SystemTime>: versions <=0.7.0

Description

Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime.

It is recommended to upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.

See #438 for more information.
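
The fallible conversion recommended above, sketched with the standard library only; this is an added example, not code from prost-types or from the advisory. `WireTimestamp`, `TimestampError` and `accept_timestamp` are hypothetical names standing in for the crate's own types, and rejecting out-of-range `nanos` is a choice made here for illustration.

```rust
use std::convert::TryFrom;
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Local stand-in with the protobuf Timestamp fields (assumption: not prost_types::Timestamp).
#[derive(Debug, Clone, Copy)]
pub struct WireTimestamp {
    pub seconds: i64, // seconds relative to the Unix epoch, may be negative
    pub nanos: i32,   // forward-counting fraction, valid range 0..=999_999_999
}

#[derive(Debug, PartialEq, Eq)]
pub enum TimestampError {
    InvalidNanos,
    OutOfRange,
}

impl TryFrom<WireTimestamp> for SystemTime {
    type Error = TimestampError;

    fn try_from(ts: WireTimestamp) -> Result<Self, Self::Error> {
        // Reject instead of normalizing: an out-of-range fraction is malformed input.
        if !(0..=999_999_999).contains(&ts.nanos) {
            return Err(TimestampError::InvalidNanos);
        }
        let whole = if ts.seconds >= 0 {
            UNIX_EPOCH.checked_add(Duration::from_secs(ts.seconds as u64))
        } else {
            // unsigned_abs() is defined for i64::MIN, where plain negation overflows.
            UNIX_EPOCH.checked_sub(Duration::from_secs(ts.seconds.unsigned_abs()))
        };
        // checked_* return None where `+` / `-` on SystemTime would panic.
        whole
            .and_then(|t| t.checked_add(Duration::from_nanos(ts.nanos as u64)))
            .ok_or(TimestampError::OutOfRange)
    }
}

/// Caller-side handling for a timestamp taken from an untrusted message.
pub fn accept_timestamp(seconds: i64, nanos: i32) -> Result<SystemTime, TimestampError> {
    SystemTime::try_from(WireTimestamp { seconds, nanos })
}

fn main() {
    // Constructed inputs: one ordinary value and three hostile ones.
    for (s, n) in [(1_600_000_000, 0), (i64::MAX, 999_999_999), (i64::MIN, 0), (0, -1)] {
        println!("{:>20} {:>10} -> {:?}", s, n, accept_timestamp(s, n));
    }
}
```

Whether an extreme `seconds` value is representable depends on the platform's `SystemTime` range; either way the caller receives a `Result` to handle rather than a panic.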