
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

References:
• https://github.com/golang/protobuf/issues/1530
• https://go.dev/cl/475995
• https://pkg.go.dev/vuln/GO-2023-1631

CWE-125: Out-of-bounds Read

CVSS: 7.5 | EPSS: 0% | CPEs: 13 | EXPL: 0

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

References:
• https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
• https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY
• https://lists.fedoraproject.org/archi

CWE-476: NULL Pointer Dereference

CVSS: 8.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

References:
• http://www.openwall.com/lists/oss-security/2015/08/27/2
• https://bugzilla.redhat.com/show_bug.cgi?id=1256426
• https://github.com/google/protobuf/issues/760
• https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
• https://lists.a

CWE-787: Out-of-bounds Write