Unrated severityNVD Advisory· Published Jun 22, 2022· Updated Aug 3, 2024
CVE-2022-33070
CVE-2022-33070
Description
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Protobuf-c/Protobuf-cdescription
- Range: =1.4.0
- osv-coords6 versionspkg:apk/chainguard/protobuf-cpkg:apk/chainguard/protobuf-c-compilerpkg:apk/chainguard/protobuf-c-devpkg:apk/wolfi/protobuf-cpkg:apk/wolfi/protobuf-c-compilerpkg:apk/wolfi/protobuf-c-dev
< 0+ 5 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
3- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFN2GHUEGTSHRD7J5PKQ5DRSJSEQ2IKN/mitrevendor-advisoryx_refsource_FEDORA
- github.com/protobuf-c/protobuf-c/issues/506mitrex_refsource_MISC
- github.com/protobuf-c/protobuf-c/pull/508mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.