Page 4 of 18 results (0.011 seconds)

CVSS: 8.6EPSS: 1%CPEs: 7EXPL: 0

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. Se detectó un problema en GoGo Protobuf versiones anteriores a 1.3.2. El archivo plugin/unmarshal/unmarshal.go carece de determinada comprobación de índice, también se conoce como el problema "skippy peanut butter" A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability. • https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org&#x • CWE-129: Improper Validation of Array Index •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6. HashiCorp Consul y Consul Enterprise versiones 1.2.0 hasta 1.8.5, permitieron a operadores con operador: leer unos permisos ACL para leer la configuración de la clave privada de Connect CA. Corregido en versiones 1.6.10, 1.7.10 y 1.8.6 • https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. HashiCorp Consul Enterprise versiones 1.7.0 hasta 1.8.4, incluye un error de replicación de espacio de nombres que puede ser activado para causar una denegación de servicio por medio de escrituras Raft infinitas. Corregido en versiones 1.7.9 y 1.8.5 • https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul •