
GHSA-FPF5-4JW8-67X8: Unbounded Memory Allocation in rust-zserio

DEV Community·CVE Reports·26 days ago
#security #cve #cybersecurity #ghsa #zserio #rust

Vulnerability ID: GHSA-FPF5-4JW8-67X8
CVSS Score: 7.5
Published: 2026-05-07

A critical vulnerability exists in the rust-zserio crate in how auto-generated deserialization routines handle variable-length structures. By supplying a maliciously crafted Zserio bitstream with an artificially inflated size header, an attacker can force the application to request massive memory allocations, resulting in an Out-of-Memory (OOM) panic and process termination.

TL;DR

Unbounded memory allocation in rust-zserio allows remote attackers to trigger an Out-of-Memory crash by providing malformed bitstreams with massive array lengths.…
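The length check this class of bug calls for, as an added example that is not code from the advisory or from rust-zserio. It assumes a simplified wire format (4-byte big-endian element count followed by u32 values); `ReadError`, `read_array_unbounded` and `read_array_bounded` are hypothetical names, and the excerpt above does not say how the crate itself was fixed.

```rust
// Added example, not rust-zserio's generated code. Assumed (constructed) wire format:
// 4-byte big-endian element count, then that many big-endian u32 values.
#[derive(Debug, PartialEq)]
pub enum ReadError {
    Truncated,
    LengthExceedsInput { declared: usize, max_possible: usize },
}

fn split_header(input: &[u8]) -> Result<(usize, &[u8]), ReadError> {
    if input.len() < 4 {
        return Err(ReadError::Truncated);
    }
    let (h, body) = input.split_at(4);
    Ok((u32::from_be_bytes([h[0], h[1], h[2], h[3]]) as usize, body))
}

fn fill(mut out: Vec<u32>, body: &[u8], n: usize) -> Result<Vec<u32>, ReadError> {
    for c in body.chunks_exact(4).take(n) {
        out.push(u32::from_be_bytes([c[0], c[1], c[2], c[3]]));
    }
    if out.len() == n { Ok(out) } else { Err(ReadError::Truncated) }
}

/// Pattern the advisory describes: the declared count sizes the allocation
/// before any element has been read.
pub fn read_array_unbounded(input: &[u8]) -> Result<Vec<u32>, ReadError> {
    let (declared, body) = split_header(input)?;
    fill(Vec::with_capacity(declared), body, declared)
}

/// Hardened: reject a count the remaining input cannot possibly hold.
pub fn read_array_bounded(input: &[u8]) -> Result<Vec<u32>, ReadError> {
    let (declared, body) = split_header(input)?;
    let max_possible = body.len() / 4;
    if declared > max_possible {
        return Err(ReadError::LengthExceedsInput { declared, max_possible });
    }
    fill(Vec::with_capacity(declared), body, declared)
}

fn main() {
    // Constructed input: header claims 0xFFFF_FFFF elements, body holds one.
    let hostile = [0xFF, 0xFF, 0xFF, 0xFF, 0, 0, 0, 7];
    println!("{:?}", read_array_bounded(&hostile));
}
```

The bound here is derived from the bytes actually received, so it needs no tuning; a fixed application-level maximum on element counts is a second, independent limit for streaming inputs whose total size is not known up front.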
