CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Jun 2023 — Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. • https://github.com/golang/protobuf/issues/1530 • CWE-125: Out-of-bounds Read

CVSS: 7.5 • EPSS: 0% • CPEs: 13 • EXPL: 0

26 Jan 2022 — Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. • https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0 • CWE-476: NULL Pointer Dereference

CVSS: 8.6 • EPSS: 0% • CPEs: 7 • EXPL: 0

11 Jan 2021 — An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects... • https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025 • CWE-129: Improper Validation of Array Index

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2017 — protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. It was discovered that protobuf did not properly manage memory when serializing large messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that protobuf did not prop... • http://www.openwall.com/lists/oss-security/2015/08/27/2 • CWE-787: Out-of-bounds Write