CVE-2019-15544
published 2019-08-26CVE-2019-15544: An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hbase | — | — |
| protobuf | >= 0 < 2.6.0 | 2.6.0 | |
| protobuf | >= 0.0.0-0 < 1.7.5 | 1.7.5 | |
| protobuf | >= 2.0.0-0 < 2.6.0 | 2.6.0 | |
| rust-protobuf_project | rust-protobuf | < 1.7.5 | 1.7.5 |
| rust-protobuf_project | rust-protobuf | >= 2.0.0 < 2.6.0 | 2.6.0 |