CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48468 – protobuf-c: unsigned integer overflow in parse_required_member
https://notcve.org/view.php?id=CVE-2022-48468
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member. • https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217 https://github.com/protobuf-c/protobuf-c/issues/499 https://github.com/protobuf-c/protobuf-c/pull/513 https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG https://lists.fedorapro • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2022-33070
https://notcve.org/view.php?id=CVE-2022-33070
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Se ha detectado que Protobuf-c versión v1.4.0, contiene un desplazamiento aritmético no válido por medio de la función parse_tag_and_wiretype en el archivo protobuf-c/protobuf-c.c. Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) por medio de vectores no especificados • https://github.com/protobuf-c/protobuf-c/issues/506 https://github.com/protobuf-c/protobuf-c/pull/508 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN •