CVE-2019-15544

Name of the Vulnerable Software and Affected Versions protobuf crate versions prior to 2.6.0

Description An issue in the protobuf crate allows attackers to exhaust all memory via Vec::reserve calls. This occurs because affected versions of the crate called Vec::reserve() on user-supplied input, enabling an attacker to cause an Out of Memory condition when the vulnerable method is called on untrusted data.

Recommendations For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Vec::reserve method on untrusted input until a patch is applied.