{"uuid": "49ef2ecb-003e-464a-91e4-2562317c2114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-FPF5-4JW8-67X8", "type": "seen", "source": "https://gist.github.com/alon710/fbdb426cde042168e0871c7f8c96676d", "content": "# GHSA-FPF5-4JW8-67X8: Unbounded Memory Allocation in rust-zserio\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-05-07\n> **Full Report:** https://cvereports.com/reports/GHSA-FPF5-4JW8-67X8\n\n## Summary\nA critical vulnerability exists in the rust-zserio crate regarding how auto-generated deserialization routines handle variable-length structures. By supplying a maliciously crafted Zserio bitstream with an artificially inflated size header, an attacker can force the application to request massive memory allocations, resulting in an Out-of-Memory (OOM) panic and process termination.\n\n## TL;DR\nUnbounded memory allocation in rust-zserio allows remote attackers to trigger an Out-of-Memory crash by providing malformed bitstreams with massive array lengths.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE**: CWE-770\n- **Attack Vector**: Network (Malicious Payload)\n- **Impact**: Denial of Service (DoS)\n- **Exploit Status**: Proof of Concept (PoC) Available\n- **Authentication Required**: None\n- **Remediation**: Code Generator Update\n\n## Affected Systems\n\n- Software leveraging rust-zserio versions prior to May 1, 2026\n- Systems parsing untrusted Zserio payloads using generated Rust code\n- **rust-zserio**: < 57f5fb4a2a8611d58dbcc1a9221349206dd99c3c (Fixed in: `57f5fb4a2a8611d58dbcc1a9221349206dd99c3c`)\n\n## Mitigation\n\n- Update the rust-zserio crate to a version containing the fix commit.\n- Regenerate all previously generated Rust code for Zserio decoding.\n- Implement network-layer access controls to limit exposure of endpoints parsing Zserio structures.\n\n**Remediation Steps:**\n1. Bump the rust-zserio dependency in Cargo.toml to the patched version.\n2. Execute the build process to trigger the internal generator.\n3. Verify that the newly generated code uses push-based loops instead of vec! macro initializations.\n4. Optionally configure the array allocation chunk size using zserio::set_array_alloc_chunk() to fine-tune memory profiles.\n\n## References\n\n- [GitHub Advisory](https://github.com/advisories/GHSA-FPF5-4JW8-67X8)\n- [Repository](https://github.com/Danaozhong/rust-zserio)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-FPF5-4JW8-67X8) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-07T02:10:29.000000Z"}