Files
advisory-db/crates/protobuf/RUSTSEC-2019-0003.toml
2019-05-15 13:40:57 -07:00

16 lines
523 B
TOML

[advisory]
id = "RUSTSEC-2019-0003"
package = "protobuf"
date = "2018-06-08"
title = "Out of Memory in stream::read_raw_bytes_into()"
description = """
Affected versions of this crate called Vec::reserve() on user-supplied input.
This allows an attacker to cause an Out of Memory condition while calling the
vulnerable method on untrusted data.
"""
url = "https://github.com/stepancheg/rust-protobuf/issues/411"
keywords = ["oom", "panic", "dos"]
affected_functions = ["stream::read_raw_bytes_into"]
patched_versions = []