Uncontrolled memory consumption in protobuf
Affected versions of this crate called Vec::reserve() on user-supplied input. This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data.
Advisories for Cargo/Protobuf package
2021