You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 17, 2022. It is now read-only.
Affected versions of this crate contained a bug in which decoding untrusted
input could overflow the stack.
On architectures with stack probes (like x86), this can be used for denial of
service attacks, while on architectures without stack probes (like ARM)
overflowing the stack is unsound and can result in potential memory corruption
(or even RCE).
The flaw was quickly corrected by @danburkert and released in version 0.6.1.
prost0.5.0>= 0.6.1Affected versions of this crate contained a bug in which decoding untrusted
input could overflow the stack.
On architectures with stack probes (like x86), this can be used for denial of
service attacks, while on architectures without stack probes (like ARM)
overflowing the stack is unsound and can result in potential memory corruption
(or even RCE).
The flaw was quickly corrected by @danburkert and released in version 0.6.1.
See advisory page for additional details.
The text was updated successfully, but these errors were encountered: