prost-types: Timestamp conversion overflow (#954)

Lucio Franco
2021-07-08 13:25:47 -04:00
committed by GitHub
parent cbeaf18e2b
commit 1889bffd67


@@ -0,0 +1,25 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "prost-types"
date = "2021-07-08"
url = "https://github.com/tokio-rs/prost/issues/438"
categories = ["denial-of-service"]
keywords = ["denial-of-service"]
[versions]
patched = [">= 0.8.0"]
[affected]
functions = { "prost_types::Timestamp::Into<SystemTime>" = ["<= 0.7.0"] }
```
# Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a `Timestamp` to `SystemTime`.
It is recommended to upgrade to `prost-types` v0.8 and switch the usage of `From<Timestamp> for SystemTime` to `TryFrom<Timestamp> for SystemTime`.
See [#438] for more information.
[#438]: https://github.com/tokio-rs/prost/issues/438
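
Review bot: the `functions` key under `[affected]` names the conversion as `prost_types::Timestamp::Into<SystemTime>`, while the description calls it `From<Timestamp> for SystemTime`; use one name for the impl in both places so a reader searching for either form finds the advisory. The `keywords` list only repeats the category value `denial-of-service`; terms the title already uses, such as `overflow` and `panic`, would be more useful there. The description says untrusted input can trigger the panic but not which `Timestamp` values do, so a short sentence on that, or a pointer to where #438 covers it, would help users of `<= 0.7.0` judge their exposure before they can upgrade.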