
CVE-2024-24786 – Infinite loop in JSON unmarshaling in google.golang.org/protobuf
https://notcve.org/view.php?id=CVE-2024-24786
05 Mar 2024 — The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. • http://www.openwall.com/lists/oss-security/2024/03/08/4 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2023-24535 – Panic when parsing invalid messages in google.golang.org/protobuf
https://notcve.org/view.php?id=CVE-2023-24535
08 Jun 2023 — Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. • https://github.com/golang/protobuf/issues/1530 • CWE-125: Out-of-bounds Read •

CVE-2022-48468 – protobuf-c: unsigned integer overflow in parse_required_member
https://notcve.org/view.php?id=CVE-2022-48468
13 Apr 2023 — protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member. Multiple vulnerabilities have been discovered in protobuf-c, the worst of which could result in denial of service. Versions greater than or equal to 1.4.1 are affected. • https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-33070 – Ubuntu Security Notice USN-5811-1
https://notcve.org/view.php?id=CVE-2022-33070
22 Jun 2022 — Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. • https://github.com/protobuf-c/protobuf-c/issues/506 •

CVE-2019-15544
https://notcve.org/view.php?id=CVE-2019-15544
26 Aug 2019 — An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls. • https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7b9e977a10572cd%40%3Cdev.hbase.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •