VYPR

Maven package

com.google.protobuf/protobuf-kotlin-lite

pkg:maven/com.google.protobuf/protobuf-kotlin-lite

Vulnerabilities (2)

  • CVE-2024-7254Sep 19, 2024
    affected < 3.25.5fixed 3.25.5

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf

  • CVE-2022-3171Oct 12, 2022
    affected >= 3.21.0-rc-1, < 3.21.7fixed 3.21.7

    A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be