GHSA-rxf6-323f-44fc

Опубликовано: 05 июл. 2025

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Duplicate Advisory: rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-2gh3-rmm4-6rq5. This link is maintained to preserve external references.

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-53605
https://github.com/stepancheg/rust-protobuf/issues/749
https://github.com/stepancheg/rust-protobuf/commit/ee1d928785cff80cbdbedde29fbf5210654410f0
https://crates.io/crates/protobuf
https://rustsec.org/advisories/RUSTSEC-2024-0437

Пакеты

Наименование

protobuf

rust

Затронутые версииВерсия исправления

< 3.7.2

3.7.2

5.9 Medium

CVSS3

Дефекты

CWE-674

5.9 Medium

CVSS3

Дефекты

CWE-674