pingora
RUSTSEC-2024-0437: Crash due to uncontrolled recursion in protobuf crate
| Details | |
|---|---|
| Package | protobuf |
| Version | 2.28.0 |
| URL | https://github.com/stepancheg/rust-protobuf/issues/749 |
| Date | 2024-12-12 |
Affected versions of this crate did not properly parse unknown fields when parsing user-supplied input.
This allows an attacker to cause a stack overflow when parsing the message on untrusted data.
See advisory page for additional details.
It looks like management of cargo audit check items is required. I added a commit for this: https://github.com/cloudflare/pingora/pull/554/commits/db89b1c92b1b21ffb62056bf4c8b6029733d6562. Maybe this could be an option for the situation.
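As an added illustration of the mitigation the advisory implies (this is example code, not the protobuf crate's or pingora's), below is a minimal skipper for unknown protobuf wire-format fields that bounds recursion: group fields (wire types 3/4) are the one unknown-field shape that nests, so the skipper tracks depth and rejects input past a fixed limit instead of recursing until the stack is exhausted. `MAX_DEPTH`, the error enum and the helper names are assumptions; `nested_groups` builds constructed test input.

```rust
// Added example: bounded-depth skipping of unknown protobuf fields.
// Not the protobuf crate's code; MAX_DEPTH is an assumed, illustrative bound.
#[derive(Debug, PartialEq)]
pub enum SkipError { Truncated, BadWireType(u8), TooDeep, UnexpectedEndGroup }

pub const MAX_DEPTH: usize = 32; // assumption: a sane nesting bound for unknown groups

// Decode a base-128 varint at `pos`; at most 10 bytes may form one varint.
fn read_varint(buf: &[u8], pos: &mut usize) -> Result<u64, SkipError> {
    let mut value = 0u64;
    for shift in (0..64).step_by(7) {
        let b = *buf.get(*pos).ok_or(SkipError::Truncated)?;
        *pos += 1;
        value |= u64::from(b & 0x7f) << shift;
        if b & 0x80 == 0 { return Ok(value); }
    }
    Err(SkipError::Truncated) // continuation bit set on all 10 bytes: malformed
}

// Advance `pos` by `n` bytes, refusing to run past the end of the buffer.
fn skip_bytes(buf: &[u8], pos: &mut usize, n: usize) -> Result<(), SkipError> {
    if buf.len() - *pos < n { return Err(SkipError::Truncated); }
    *pos += n;
    Ok(())
}

// Skip fields until the buffer ends (depth 0) or a matching end-group tag is
// seen (depth > 0). The depth check is what turns a stack overflow into an error.
fn skip_fields(buf: &[u8], pos: &mut usize, depth: usize) -> Result<(), SkipError> {
    if depth > MAX_DEPTH { return Err(SkipError::TooDeep); }
    while *pos < buf.len() {
        let tag = read_varint(buf, pos)?;
        match (tag & 7) as u8 {
            0 => { read_varint(buf, pos)?; }
            1 => skip_bytes(buf, pos, 8)?,
            2 => { let len = read_varint(buf, pos)?; skip_bytes(buf, pos, len as usize)?; }
            3 => skip_fields(buf, pos, depth + 1)?, // start group: the only recursive case
            4 => return if depth == 0 { Err(SkipError::UnexpectedEndGroup) } else { Ok(()) },
            5 => skip_bytes(buf, pos, 4)?,
            w => return Err(SkipError::BadWireType(w)),
        }
    }
    if depth > 0 { Err(SkipError::Truncated) } else { Ok(()) }
}

pub fn skip_unknown_message(buf: &[u8]) -> Result<(), SkipError> {
    let mut pos = 0;
    skip_fields(buf, &mut pos, 0)
}

// Constructed input: `n` nested start-group tags for field 1 (0x0B), then `n` end-group tags (0x0C).
pub fn nested_groups(n: usize) -> Vec<u8> {
    let mut v = vec![0x0B; n]; v.extend(std::iter::repeat(0x0C).take(n)); v
}
```

With the bound in place, `skip_unknown_message(&nested_groups(100_000))` returns `Err(TooDeep)` after 33 frames instead of overflowing the stack.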