RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate

Open github-actions[bot] opened this issue 7 months ago • 0 comments

Crash due to uncontrolled recursion in protobuf crate

Details
Package: protobuf
Version: 2.28.0
URL: https://github.com/stepancheg/rust-protobuf/issues/749
Date: 2024-12-12

Affected versions of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the message on untrusted data.

See advisory page for additional details.

github-actions[bot] Mar 08 '25 00:03