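Affected versions of this crate called `Vec::reserve()` with a size taken from user-supplied input.
Because the requested capacity is controlled by the input, data that declares a very large length can trigger an oversized allocation. This allows an attacker to cause an Out of Memory condition (denial of service) when the vulnerable function, `protobuf::stream::read_raw_bytes_into`, is called on untrusted data.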
{ "license": "CC0-1.0" }
{ "affected_functions": null, "affects": { "os": [], "functions": [ "protobuf::stream::read_raw_bytes_into" ], "arch": [] } }
{ "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "informational": null, "categories": [ "denial-of-service" ] }