Search CVE reports
1 – 10 of 14 results
CVE-2024-7254
Medium priorityAny project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields...
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-2410
Medium priorityThe JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes...
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-24786
Medium prioritySome fixes available 6 of 15
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the...
3 affected packages
golang-google-protobuf, google-guest-agent, google-osconfig-agent
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-google-protobuf | Needs evaluation | Needs evaluation | Not in release | — | — |
| google-guest-agent | Fixed | Fixed | Needs evaluation | Needs evaluation | Needs evaluation |
| google-osconfig-agent | Fixed | Fixed | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-24535
Medium priorityParsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
4 affected packages
golang-github-golang-protobuf-1-3, golang-github-golang-protobuf-1-5, golang-goprotobuf, google-guest-agent
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-github-golang-protobuf-1-3 | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
| golang-github-golang-protobuf-1-5 | Needs evaluation | Not in release | Not in release | Ignored | Ignored |
| golang-goprotobuf | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-48468
Low priorityprotobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
1 affected packages
protobuf-c
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf-c | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-3510
Medium priorityA parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing...
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | — | Ignored | Ignored | Ignored | Ignored |
CVE-2022-3509
Medium priorityA parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of...
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | — | Not affected | Not affected | Not affected | Ignored |
CVE-2022-3171
Medium priorityA parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages...
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | — | Ignored | Ignored | Ignored | Ignored |
CVE-2022-1941
Low prioritySome fixes available 5 of 6
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2,...
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | — | Fixed | Fixed | Fixed | Fixed |
CVE-2022-33070
Medium prioritySome fixes available 7 of 66
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
9 affected packages
argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| argyll | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| libgadu | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libpg-query | Needs evaluation | Needs evaluation | — | — | — |
| libsignal-protocol-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| ocserv | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pidgin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| protobuf-c | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| sudo | Not affected | Fixed | Not affected | Not affected | Not affected |