Status
Impact
While there is a fix for rust-protobuf v3, v2 claims "only most critical bugfixes will be applied to 2.x version, otherwise it won't be maintained". It remains to be seen if the fix will be backported to the v2 line, or if ztunnel's maintainers will update to v3. Either way, Chainguard is unable to mitigate this CVE.
Status