From 57f553ee4570dcc3889bbfff752da240c774676e Mon Sep 17 00:00:00 2001
From: Danilo Bargen
Date: Thu, 16 Jan 2020 20:22:21 +0100
Subject: [PATCH 1/2] Add advisory for prost stack overflow
---
crates/prost/RUSTSEC-0000-0000.toml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 crates/prost/RUSTSEC-0000-0000.toml
diff --git a/crates/prost/RUSTSEC-0000-0000.toml b/crates/prost/RUSTSEC-0000-0000.toml
new file mode 100644
index 0000000000..2d2967e67c
--- /dev/null
+++ b/crates/prost/RUSTSEC-0000-0000.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "prost"
+date = "2020-01-16"
+title = "Parsing a message can result in a stack overflow"
+description = """
+Affected versions of this crate contained a bug in which decoding untrusted
+input could overflow the stack.
+
+On architectures with stack probes (like x86), this can be used for denial of
+service attacks, while on architectures without stack probes (like ARM)
+overflowing the stack is unsound and can result in potential memory corruption
+(or even RCE).
+
+The flaw was quickly corrected by @danburkert and released in version 0.6.1.
+"""
+patched_versions = [">= 0.6.1"]
+url = "https://github.com/danburkert/prost/issues/267"
+categories = ["denial-of-service", "memory-corruption"]
+keywords = ["stack overflow"]
From 7a0d254bbe62e069155ee198d2c42a79a77902ac Mon Sep 17 00:00:00 2001
From: Danilo Bargen
Date: Thu, 16 Jan 2020 20:23:41 +0100
Subject: [PATCH 2/2] fixup! Add advisory for prost stack overflow
---
crates/prost/RUSTSEC-0000-0000.toml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crates/prost/RUSTSEC-0000-0000.toml b/crates/prost/RUSTSEC-0000-0000.toml
index 2d2967e67c..983aea64c9 100644
--- a/crates/prost/RUSTSEC-0000-0000.toml
+++ b/crates/prost/RUSTSEC-0000-0000.toml
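Review bot: In the new `crates/prost/RUSTSEC-0000-0000.toml` (patch 1/2), the description says a stack overflow on targets without stack probes can lead to "potential memory corruption (or even RCE)", but `categories` lists only `denial-of-service` and `memory-corruption`. If the RCE claim stays in the text, the category list should carry it too, `categories = ["code-execution", "denial-of-service", "memory-corruption"]`, so that consumers who triage by category do not under-rate the advisory; if it is only speculative, the prose should say so. The entry also has no `unaffected_versions`, so every release before 0.6.1 is reported as affected; that is the conservative default, but it should be confirmed against the linked issue rather than left implicit. A sentence in `description` saying what kind of message triggers the overflow, taken from the linked issue, would help users judge whether their decoders are exposed to untrusted input before they can upgrade.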
@@ -2,7 +2,7 @@
 id = "RUSTSEC-0000-0000"
 package = "prost"
 date = "2020-01-16"
-title = "Parsing a message can result in a stack overflow"
+title = "Parsing a specially crafted message can result in a stack overflow"
 description = """
 Affected versions of this crate contained a bug in which decoding untrusted
 input could overflow the stack.