KEMBAR78
RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate · Issue #530 · static-web-server/static-web-server · GitHub
Skip to content

RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate #530

New issue
New issue
Closed
#532
Closed
RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate#530
#532
Labels
dependencyRelated to dependenciessecurityRelated to Securityv2v2 release
Milestone
v2.36.1
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 8, 2025

Crash due to uncontrolled recursion in protobuf crate

Details
Package protobuf
Version 2.28.0
URL stepancheg/rust-protobuf#749
Date 2024-12-12

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.

See advisory page for additional details.

Metadata

Metadata

Assignees

No one assigned

    Labels

    dependencyRelated to dependenciessecurityRelated to Securityv2v2 release

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions