agent
agent copied to clipboard
Published
20 hours ago •
stackabletech
stackabletech
RUSTSEC-2021-0073: Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
Conversion from
prost_types::TimestamptoSystemTimecan cause an overflow and panic
| Details | |
|---|---|
| Package | prost-types |
| Version | 0.7.0 |
| URL | https://github.com/tokio-rs/prost/issues/438 |
| Date | 2021-07-08 |
| Patched versions | >=0.8.0 |
Affected versions of this crate contained a bug in which untrusted input could cause an overflow and panic when converting a Timestamp to SystemTime.
It is recommended to upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.
See #438 for more information.
See advisory page for additional details.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Crate: prost-types
Version: 0.7.0
Title: Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic
Date: 2021-07-08
ID: RUSTSEC-2021-0073
URL: https://rustsec.org/advisories/RUSTSEC-2021-0073
Solution: Upgrade to >=0.8.0
Dependency tree:
prost-types 0.7.0
├── prost-build 0.7.0
│ ├── tonic-build 0.4.2
│ │ ├── kubelet 0.7.0
│ │ │ └── stackable-agent 0.5.0-nightly
│ │ └── k8s-csi 0.3.0
│ │ └── kubelet 0.7.0
│ └── k8s-csi 0.3.0
├── kubelet 0.7.0
└── k8s-csi 0.3.0
I've added https://github.com/deislabs/krustlet/issues/640 upstream to maybe get an automated audit action there as well.
