{"id":"RUSTSEC-2024-0437","summary":"Crash due to uncontrolled recursion in protobuf crate","details":"Affected versions of this crate did not properly parse unknown fields when parsing user-supplied input.\n\nThis allows an attacker to cause a stack overflow through uncontrolled recursion when a message from untrusted data is parsed.","aliases":["CVE-2025-53605","GHSA-2gh3-rmm4-6rq5"],"modified":"2026-02-04T02:24:04.262379Z","published":"2024-12-12T12:00:00Z","related":["GHSA-735f-pc8j-v9w8"],"database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/protobuf"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2024-0437.html"},{"type":"REPORT","url":"https://github.com/stepancheg/rust-protobuf/issues/749"}],"affected":[{"package":{"name":"protobuf","ecosystem":"crates.io","purl":"pkg:cargo/protobuf"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"3.7.2"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"arch":[],"functions":["protobuf::coded_input_stream::CodedInputStream::skip_group"]}},"database_specific":{"categories":["denial-of-service"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0437.json","cvss":null,"informational":null}}],"schema_version":"1.7.3"}