Search CVE reports
11 – 16 of 16 results
Some fixes available 5 of 6
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2,...
1 affected package
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| protobuf | — | Fixed | Fixed | Fixed |
Some fixes available 9 of 80
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
9 affected packages
argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| argyll | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | — |
| libgadu | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libpg-query | Needs evaluation | Needs evaluation | — | — |
| libsignal-protocol-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ocserv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pidgin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| protobuf-c | Fixed | Fixed | Fixed | Needs evaluation |
| sudo | Not affected | Fixed | Not affected | Not affected |
Some fixes available 6 of 7
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is...
1 affected package
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| protobuf | — | Fixed | Fixed | Fixed |
Some fixes available 5 of 7
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating...
1 affected package
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| protobuf | — | Fixed | Fixed | Fixed |
Some fixes available 9 of 13
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
1 affected package
golang-gogoprotobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-gogoprotobuf | Fixed | Fixed | Needs evaluation | Needs evaluation |
Some fixes available 1 of 14
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
1 affected package
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| protobuf | Not affected | Not affected | Not affected | Vulnerable |