crates.io package
protobuf
pkg:cargo/protobuf
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-53605 | Med | 5.9 | < 3.7.2 | 3.7.2 | Jul 5, 2025 | The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. | |
| CVE-2019-15544 | — | < 2.6.0 | 2.6.0 | Aug 26, 2019 | An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. |
- affected < 3.7.2fixed 3.7.2
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
- CVE-2019-15544Aug 26, 2019affected < 2.6.0fixed 2.6.0
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.