VYPR

rpm package

suse/protobuf&distro=SUSE Linux Enterprise Module for Development Tools 15 SP4

pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4

Vulnerabilities (3)

  • CVE-2022-3171Oct 12, 2022
    affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2

    A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be

  • CVE-2022-1941Sep 22, 2022
    affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2

    A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can

  • CVE-2021-22569Jan 7, 2022
    affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2

    An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre