Search CVE reports


Toggle filters

1 – 10 of 14 results


CVE-2024-7254

Medium priority
Needs evaluation

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields...

1 affected packages

protobuf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
protobuf Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-2410

Medium priority
Not affected

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes...

1 affected packages

protobuf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
protobuf Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-24786

Medium priority

Some fixes available 9 of 18

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the...

3 affected packages

golang-google-protobuf, google-guest-agent, google-osconfig-agent

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-google-protobuf Needs evaluation Needs evaluation Not in release
google-guest-agent Fixed Fixed Fixed Needs evaluation Needs evaluation
google-osconfig-agent Fixed Fixed Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-24535

Medium priority
Needs evaluation

Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

4 affected packages

golang-github-golang-protobuf-1-3, golang-github-golang-protobuf-1-5, golang-goprotobuf, google-guest-agent

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-golang-protobuf-1-3 Needs evaluation Not in release Not in release Ignored Ignored
golang-github-golang-protobuf-1-5 Needs evaluation Not in release Not in release Ignored Ignored
golang-goprotobuf Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
google-guest-agent Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-48468

Low priority
Needs evaluation

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.

1 affected packages

protobuf-c

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
protobuf-c Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-3510

Medium priority
Ignored

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing...

1 affected packages

protobuf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
protobuf Ignored Ignored Ignored Ignored
Show less packages

CVE-2022-3509

Medium priority
Ignored

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of...

1 affected packages

protobuf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
protobuf Not affected Not affected Not affected Ignored
Show less packages

CVE-2022-3171

Medium priority
Ignored

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages...

1 affected packages

protobuf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
protobuf Ignored Ignored Ignored Ignored
Show less packages

CVE-2022-1941

Low priority

Some fixes available 5 of 6

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2,...

1 affected packages

protobuf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
protobuf Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-33070

Medium priority

Some fixes available 8 of 73

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

9 affected packages

argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
argyll Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ccextractor Needs evaluation Needs evaluation Needs evaluation
libgadu Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpg-query Needs evaluation Needs evaluation
libsignal-protocol-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ocserv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pidgin Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
protobuf-c Fixed Fixed Fixed Needs evaluation Needs evaluation
sudo Not affected Fixed Not affected Not affected Not affected
Show all 9 packages Show less packages