PT-2020-17490 · Rust · Prost

Published: 2020-01-16 · Updated: 2021-08-25 · CVE-2020-35858

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: prost crate versions prior to 0.6.1

Description: A crafted message can cause unbounded stack consumption during decoding, leading to a denial of service or possibly remote code execution, depending on the architecture. Decoding untrusted input could overflow the stack. On architectures with stack probes, such as x86, this leads to a denial of service. On architectures without stack probes, such as ARM, overflowing the stack can result in memory corruption or even remote code execution.

Recommendations: For versions prior to 0.6.1, update to version 0.6.1 to resolve the issue. As a temporary workaround, avoid decoding untrusted input until the update is applied, and restrict access to the functions or modules that decode input to minimize the risk of exploitation.

Exploit · Fix · Memory Corruption

Related Identifiers

CVE-2020-35858
GHSA-GV73-9MWV-FWGQ
RUSTSEC-2020-0002

Affected Products

Prost