CVE-2020-35858

moderate-risk
Published 2020-12-31

An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM).

Do I need to act?

~
2.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 9ec36145802767cdece2268c05b2663dcb004e0a
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Prost

Affected Vendors

Prost Project

References (2)

Exploit https://rustsec.org/advisories/RUSTSEC-2020-0002.html
Exploit https://rustsec.org/advisories/RUSTSEC-2020-0002.html
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal