CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48468 – protobuf-c: unsigned integer overflow in parse_required_member
https://notcve.org/view.php?id=CVE-2022-48468
13 Apr 2023 — protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. A vulnerability was found in protobuf-c. This security flaw leads to an unsigned integer overflow in parse_required_member. Multiple vulnerabilities have been discovered in protobuf-c, the worst of which could result in denial of service. Versions greater than or equal to 1.4.1 are affected. • https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2022-33070 – Ubuntu Security Notice USN-5811-1
https://notcve.org/view.php?id=CVE-2022-33070
22 Jun 2022 — Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Se ha detectado que Protobuf-c versión v1.4.0, contiene un desplazamiento aritmético no válido por medio de la función parse_tag_and_wiretype en el archivo protobuf-c/protobuf-c.c. Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) por medio de ve... • https://github.com/protobuf-c/protobuf-c/issues/506 •