rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/rmpv/RUSTSEC-2017-0006.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

626 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2017-0006"
package = "rmpv"
categories = ["denial-of-service"]
date = "2017-11-21"
keywords = ["memory", "dos", "msgpack", "serialization", "deserialization"]
url = "https://github.com/3Hren/msgpack-rust/issues/151"
aliases = ["GHSA-mcrf-7hf9-f6q5"]

[versions]
patched = [">= 0.4.2"]

Unchecked vector pre-allocation

Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available.

This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory.