This package has limited bug data (2 entries). Check back later or see the package health page for the full signal.
prost known bugs
cargo2 known bugs in prost, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
2
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| medium | 0.0.0-0 | 0.6.1 | Parsing a specially crafted message can result in a stack overflow Affected versions of this crate contained a bug in which decoding untrusted
input could overflow the stack.
On architectures with stack probes (like x86), this can be used for denial of
service attacks, while on architectures without stack probes (like ARM)
overflowing the stack is unsound and can result in potential memory corruption
(or even RCE).
The flaw was quickly corrected by @danburkert and released in version 0.6.1. | fixed | osv:RUSTSEC-2020-0002 |
| critical | any | 0.6.1 | Out of bounds write in prost Affected versions of this crate contained a bug in which decoding untrusted input could overflow the stack. On architectures with stack probes (like x86), this can be used for denial of service attacks, while on architectures without stack probes (like ARM) overflowing the stack is unsound and can result in potential memory corruption (or even RCE). | fixed | osv:GHSA-gv73-9mwv-fwgq |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/cargo/prost