Primary

Context

protobuf Crate Uncontrolled Recursion Vulnerability in Rust

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the protobuf crate for Rust, affecting versions through 3.4.0. The issue arises in the 'skip_group' function of the 'CodedInputStream' module, where improper parsing of unknown fields in untrusted input can lead to uncontrolled recursion. This flaw allows attackers to cause a stack overflow by exploiting the recursive parsing of messages.

Impact

Exploitation of this vulnerability leads to a stack overflow, causing a crash due to uncontrolled recursion.

Remediation

Users can upgrade to version 3.7.2 or later to address this vulnerability.

Added: Jul 5, 2025, 1:19 AM

Updated: Jul 5, 2025, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

protobuf Crate Uncontrolled Recursion Vulnerability in Rust

Vulnerability

Impact

Remediation

Affected Products

protobuf

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating