CVE-2021-3121
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
Se detectó un problema en GoGo Protobuf versiones anteriores a 1.3.2. El archivo plugin/unmarshal/unmarshal.go carece de determinada comprobación de índice, también se conoce como el problema "skippy peanut butter"
A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this vulnerability is to availability.
Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console-with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include code execution, denial of service, integer overflow, and null pointer vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-11 CVE Reserved
- 2021-01-11 CVE Published
- 2024-08-03 CVE Updated
- 2025-06-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-129: Improper Validation of Array Index
CAPEC
References (9)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc | 2023-11-07 | |
| https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-3121 | 2022-10-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1921650 | 2022-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Golang Search vendor "Golang" | Protobuf Search vendor "Golang" for product "Protobuf" | < 1.3.2 Search vendor "Golang" for product "Protobuf" and version " < 1.3.2" | - |
Affected
| ||||||
| Hashicorp Search vendor "Hashicorp" | Consul Search vendor "Hashicorp" for product "Consul" | < 1.8.15 Search vendor "Hashicorp" for product "Consul" and version " < 1.8.15" | - |
Affected
| ||||||
| Hashicorp Search vendor "Hashicorp" | Consul Search vendor "Hashicorp" for product "Consul" | < 1.8.15 Search vendor "Hashicorp" for product "Consul" and version " < 1.8.15" | enterprise |
Affected
| ||||||
| Hashicorp Search vendor "Hashicorp" | Consul Search vendor "Hashicorp" for product "Consul" | >= 1.9.0 < 1.9.9 Search vendor "Hashicorp" for product "Consul" and version " >= 1.9.0 < 1.9.9" | - |
Affected
| ||||||
| Hashicorp Search vendor "Hashicorp" | Consul Search vendor "Hashicorp" for product "Consul" | >= 1.9.0 < 1.9.9 Search vendor "Hashicorp" for product "Consul" and version " >= 1.9.0 < 1.9.9" | enterprise |
Affected
| ||||||
| Hashicorp Search vendor "Hashicorp" | Consul Search vendor "Hashicorp" for product "Consul" | >= 1.10.0 < 1.10.2 Search vendor "Hashicorp" for product "Consul" and version " >= 1.10.0 < 1.10.2" | - |
Affected
| ||||||
| Hashicorp Search vendor "Hashicorp" | Consul Search vendor "Hashicorp" for product "Consul" | >= 1.10.0 < 1.10.2 Search vendor "Hashicorp" for product "Consul" and version " >= 1.10.0 < 1.10.2" | enterprise |
Affected
| ||||||