From 57a8cb1eae50dee8f6585f28309d73363c3ce7c8 Mon Sep 17 00:00:00 2001
From: Danilo Bargen
Date: Tue, 1 Oct 2019 10:15:06 +0200
Subject: [PATCH] Add advisory for DoS vulnerability in rmpv
---
 crates/rmpv/RUSTSEC-0000-0000.toml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 crates/rmpv/RUSTSEC-0000-0000.toml
diff --git a/crates/rmpv/RUSTSEC-0000-0000.toml b/crates/rmpv/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000..74f5841
--- /dev/null
+++ b/crates/rmpv/RUSTSEC-0000-0000.toml
@@ -0,0 +1,16 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rmpv"
+date = "2017-11-21"
+title = "Unchecked vector pre-allocation"
+description = """
+Affected versions of this crate pre-allocate memory on deserializing raw
+buffers without checking whether there is sufficient data available.
+
+This allows an attacker to do denial-of-service attacks by sending small
+msgpack messages that allocate gigabytes of memory.
+"""
+patched_versions = []
+url = "https://github.com/3Hren/msgpack-rust/issues/151"
+categories = ["denial-of-service"]
+keywords = ["memory", "dos", "msgpack", "serialization", "deserialization"]
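Review bot: `patched_versions = []` with no `unaffected_versions` key marks every release of rmpv as vulnerable, yet the description opens with "Affected versions of this crate", which reads as though a bounded range or a fix exists. If no fixed release was available at filing time, say so explicitly so that users of audit tooling know there is no version to upgrade to, for example with a comment `# no fixed release at time of filing; every version is reported` above `patched_versions`. The linked issue is filed against the msgpack-rust repository rather than rmpv alone; whether other crates published from that repository share the same pre-allocation path cannot be told from this hunk and is worth confirming before merge.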