
GHSA-gv73-9mwv-fwgq

Published: 25 Aug 2021
Source: github
Github: Reviewed
CVSS3: 9.8

Description

Out of bounds write in prost

Affected versions of this crate contained a bug in which decoding untrusted input could overflow the stack. On architectures with stack probes (like x86), this can be used for denial of service attacks, while on architectures without stack probes (like ARM) overflowing the stack is unsound and can result in potential memory corruption (or even RCE).

Packages

Name: prost (rust)
Affected versions: < 0.6.1
Fixed version: 0.6.1

EPSS

Percentile: 85%
0.02484
Low

9.8 Critical

CVSS3

Weaknesses

CWE-787

Related vulnerabilities

CVSS3: 9.8
nvd
about 5 years ago

An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM).
