RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate


> Crash due to uncontrolled recursion in protobuf crate

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `protobuf`                      |
| Version             | `2.28.0`                   |
| URL                 | [https://github.com/stepancheg/rust-protobuf/issues/749](https://github.com/stepancheg/rust-protobuf/issues/749) |
| Date                | 2024-12-12                         |
| Patched versions    | `>=3.7.2`                  |

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2024-0437.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate #5067

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`protobuf`
Version	`2.28.0`
URL	stepancheg/rust-protobuf#749
Date	2024-12-12
Patched versions	`>=3.7.2`

RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate #5067

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions