High severity8.6NVD Advisory· Published Jan 11, 2021· Updated Jun 17, 2026
CVE-2021-3121
CVE-2021-3121
Description
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/gogo/protobufGo | < 1.3.2 | 1.3.2 |
Affected products
72- GoGo/Protobufdescription
- osv-coords71 versionspkg:apk/chainguard/ctoppkg:apk/chainguard/k3dpkg:apk/chainguard/k3d-proxypkg:apk/chainguard/k3d-toolspkg:apk/chainguard/kubeflowpkg:apk/chainguard/kubeflow-access-managementpkg:apk/chainguard/kubeflow-access-management-compatpkg:apk/chainguard/kubeflow-access-management-fipspkg:apk/chainguard/kubeflow-access-management-fips-compatpkg:apk/chainguard/kubeflow-admission-webhookpkg:apk/chainguard/kubeflow-admission-webhook-compatpkg:apk/chainguard/kubeflow-admission-webhook-fipspkg:apk/chainguard/kubeflow-admission-webhook-fips-compatpkg:apk/chainguard/kubeflow-fipspkg:apk/chainguard/kubeflow-notebook-controllerpkg:apk/chainguard/kubeflow-notebook-controller-compatpkg:apk/chainguard/kubeflow-notebook-controller-fipspkg:apk/chainguard/kubeflow-notebook-controller-fips-compatpkg:apk/chainguard/kubeflow-profile-controllerpkg:apk/chainguard/kubeflow-profile-controller-compatpkg:apk/chainguard/kubeflow-profile-controller-fipspkg:apk/chainguard/kubeflow-profile-controller-fips-compatpkg:apk/chainguard/kubeflow-pvcviewer-controllerpkg:apk/chainguard/kubeflow-pvcviewer-controller-compatpkg:apk/chainguard/kubeflow-pvcviewer-controller-fipspkg:apk/chainguard/kubeflow-pvcviewer-controller-fips-compatpkg:apk/chainguard/kubeflow-tensorboard-controllerpkg:apk/chainguard/kubeflow-tensorboard-controller-compatpkg:apk/chainguard/kubeflow-tensorboard-controller-fipspkg:apk/chainguard/kubeflow-tensorboard-controller-fips-compatpkg:apk/chainguard/protobuf-cpkg:apk/chainguard/protobuf-c-compilerpkg:apk/chainguard/protobuf-c-devpkg:apk/wolfi/ctoppkg:apk/wolfi/k3dpkg:apk/wolfi/k3d-proxypkg:apk/wolfi/k3d-toolspkg:apk/wolfi/kubeflowpkg:apk/wolfi/kubeflow-access-managementpkg:apk/wolfi/kubeflow-access-management-compatpkg:apk/wolfi/kubeflow-admission-webhookpkg:apk/wolfi/kubeflow-admission-webhook-compatpkg:apk/wolfi/kubeflow-notebook-controllerpkg:apk/wolfi/kubeflow-notebook-controller-compatpkg:apk/wolfi/kubeflow-profile-controllerpkg:apk/wolfi/kubeflow-profile-controller-compatpkg:apk/wolfi/kubeflow-pvcviewer-controllerpkg:apk/wolfi/kubeflow-pvcviewer-controller-compatpkg:apk/wolfi/kubeflow-tensorboard-controllerpkg:apk/wolfi/kubeflow-tensorboard-controller-compatpkg:apk/wolfi/protobuf-cpkg:apk/wolfi/protobuf-c-compilerpkg:apk/wolfi/protobuf-c-devpkg:bitnami/consulpkg:bitnami/protobufpkg:golang/github.com/gogo/protobufpkg:rpm/opensuse/kubernetes1.18&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kubernetes1.18&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/kubernetes1.19&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/kubernetes1.20&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/kubernetes1.21&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/velero&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/velero-plugin-for-aws&distro=openSUSE%20Tumbleweedpkg:rpm/suse/kubernetes1.18&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/kubernetes1.18&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/kubernetes1.18&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/kubernetes1.18&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/kubernetes1.18&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/kubernetes1.18&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kubernetes1.18&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/kubernetes1.18&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
< 0.7.7-r13+ 70 more
- (no CPE)range: < 0.7.7-r13
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.7.7-r13
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 1.10.0-r3
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.8.15
- (no CPE)range: < 1.3.2
- (no CPE)range: < 1.3.2
- (no CPE)range: < 1.18.20-150200.5.25.1
- (no CPE)range: < 1.18.20-1.2
- (no CPE)range: < 1.19.15-1.1
- (no CPE)range: < 1.20.11-1.1
- (no CPE)range: < 1.21.5-1.1
- (no CPE)range: < 1.7.0-1.1
- (no CPE)range: < 1.3.0-1.1
- (no CPE)range: < 1.18.20-150200.5.25.1
- (no CPE)range: < 1.18.20-150200.5.25.1
- (no CPE)range: < 1.18.20-150200.5.25.1
- (no CPE)range: < 1.18.20-150200.5.25.1
- (no CPE)range: < 1.18.20-150200.5.25.1
- (no CPE)range: < 1.18.20-150200.5.25.1
- (no CPE)range: < 1.18.20-150200.5.25.1
- (no CPE)range: < 1.18.20-150200.5.25.1
Patches
Vulnerability mechanics
References
14- github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bcnvdPatchThird Party AdvisoryWEB
- github.com/gogo/protobuf/compare/v1.3.1...v1.3.2nvdPatchThird Party AdvisoryWEB
- discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-c3h9-896r-86jmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3121ghsaADVISORY
- security.netapp.com/advisory/ntap-20210219-0006/nvdThird Party Advisory
- lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3EghsaWEB
- pkg.go.dev/vuln/GO-2021-0053ghsaWEB
- security.netapp.com/advisory/ntap-20210219-0006ghsaWEB
- lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3Envd
- lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3Envd
- lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3Envd
News mentions
0No linked articles in our index yet.