GHSA-mcrf-7hf9-f6q5

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

Описание

Unchecked vector pre-allocation

Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available. This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory.

Ссылки

https://github.com/3Hren/msgpack-rust/issues/151
https://rustsec.org/advisories/RUSTSEC-2017-0006.html

Пакеты

Наименование

rmpv

rust

Затронутые версииВерсия исправления

< 0.4.2

0.4.2

Дефекты

CWE-400

Дефекты

CWE-400