PT-2021-22000 · Unknown · Prost-Types

Published 2021-07-08 · Updated 2021-08-25 · CVE-2021-38192

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: prost-types versions prior to 0.8.0
Description: An issue was discovered in the prost-types crate where an overflow can occur during conversion from Timestamp to SystemTime. Untrusted input can trigger the overflow and cause a panic during the conversion.
Recommendations: To resolve the issue, upgrade to prost-types v0.8 and switch the usage of From<Timestamp> for SystemTime to TryFrom<Timestamp> for SystemTime.
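
The fallible conversion pattern recommended above, shown as an added example that is not code from prost-types or from this advisory. WireTimestamp and TimestampOutOfRange are hypothetical names standing in for the crate's types, and folding out-of-range nanos into seconds is an assumption of this example.

```rust
use std::convert::TryFrom;
use std::time::{Duration, SystemTime, UNIX_EPOCH};

const NANOS_PER_SEC: i64 = 1_000_000_000;

/// Hypothetical stand-in carrying the two protobuf Timestamp fields.
#[derive(Debug, Clone, Copy)]
pub struct WireTimestamp {
    pub seconds: i64,
    pub nanos: i32,
}

/// Returned instead of panicking when the value cannot be represented.
#[derive(Debug, PartialEq)]
pub struct TimestampOutOfRange;

impl TryFrom<WireTimestamp> for SystemTime {
    type Error = TimestampOutOfRange;

    fn try_from(ts: WireTimestamp) -> Result<Self, Self::Error> {
        // Fold out-of-range nanos into seconds; checked_add catches the i64 carry overflow.
        let nanos = i64::from(ts.nanos);
        let secs = ts
            .seconds
            .checked_add(nanos.div_euclid(NANOS_PER_SEC))
            .ok_or(TimestampOutOfRange)?;
        let sub_nanos = nanos.rem_euclid(NANOS_PER_SEC) as u32; // always 0..=999_999_999

        // unsigned_abs() is safe for i64::MIN, where plain negation would overflow.
        let whole = Duration::from_secs(secs.unsigned_abs());
        // `UNIX_EPOCH + whole` may panic when unrepresentable; checked_* returns None.
        let base = if secs >= 0 {
            UNIX_EPOCH.checked_add(whole)
        } else {
            UNIX_EPOCH.checked_sub(whole)
        };
        base.and_then(|t| t.checked_add(Duration::new(0, sub_nanos)))
            .ok_or(TimestampOutOfRange)
    }
}

fn main() {
    // Constructed inputs: one ordinary value and one whose nanos carry overflows seconds.
    let ok = WireTimestamp { seconds: 1_625_702_400, nanos: 500 };
    let bad = WireTimestamp { seconds: i64::MAX, nanos: 1_000_000_000 };
    println!("{:?}", SystemTime::try_from(ok));
    println!("{:?}", SystemTime::try_from(bad));
}
```

Callers that decode timestamps from untrusted messages should handle the Err branch as a rejected input rather than unwrapping it.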

Exploit

Fix

Integer Overflow

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2021-38192
GHSA-X4QM-MCJQ-V2GF
RUSTSEC-2021-0073

Affected Products

Prost-Types