2 matches found
CVE-2021-38192
CVE-2021-38192 affects the Rust crate prost-types prior to 0.8.0, where converting a Timestamp to SystemTime can overflow and panic. The issue is addressed by upgrading to prost-types v0.8 and switching the From<Timestamp> for SystemTime usage to TryFrom<Timestamp> for SystemTime. The vulnerability is described across...
CVE-2020-35858
The CVE-2020-35858 issue affects the prost crate for Rust prior to 0.6.1, where decoding a crafted message can cause stack consumption leading to denial of service (notably on x86) and potentially remote code execution (e.g., on ARM). The root cause is a stack-related flaw in parsing untrusted in...