rpm package
suse/protobuf&distro=SUSE Linux Enterprise Installer Updates 15 SP2
pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Installer%20Updates%2015%20SP2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3171 | — | < 3.9.2-150200.4.19.2 | 3.9.2-150200.4.19.2 | Oct 12, 2022 | A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be | ||
| CVE-2022-1941 | — | < 3.9.2-150200.4.19.2 | 3.9.2-150200.4.19.2 | Sep 22, 2022 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can | ||
| CVE-2021-22570 | — | < 3.9.2-4.12.1 | 3.9.2-4.12.1 | Jan 26, 2022 | Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend | ||
| CVE-2021-22569 | — | < 3.9.2-150200.4.19.2 | 3.9.2-150200.4.19.2 | Jan 7, 2022 | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre |
- CVE-2022-3171Oct 12, 2022affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be
- CVE-2022-1941Sep 22, 2022affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can
- CVE-2021-22570Jan 26, 2022affected < 3.9.2-4.12.1fixed 3.9.2-4.12.1
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend
- CVE-2021-22569Jan 7, 2022affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre