mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-13 21:18:11 +01:00
cad07fbc25
Patched as of v0.4.2: https://github.com/RustSec/advisory-db/pull/171#issuecomment-540169499
17 lines
605 B
TOML
17 lines
605 B
TOML
[advisory]
|
|
id = "RUSTSEC-2017-0006"
|
|
package = "rmpv"
|
|
date = "2017-11-21"
|
|
title = "Unchecked vector pre-allocation"
|
|
description = """
|
|
Affected versions of this crate pre-allocate memory on deserializing raw
|
|
buffers without checking whether there is sufficient data available.
|
|
|
|
This allows an attacker to do denial-of-service attacks by sending small
|
|
msgpack messages that allocate gigabytes of memory.
|
|
"""
|
|
patched_versions = [">= 0.4.2"]
|
|
url = "https://github.com/3Hren/msgpack-rust/issues/151"
|
|
categories = ["denial-of-service"]
|
|
keywords = ["memory", "dos", "msgpack", "serialization", "deserialization"]
|