VYPR

rpm package

suse/protobuf&distro=SUSE Linux Enterprise Module for Package Hub 15 SP4

pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4

Vulnerabilities (4)

  • CVE-2022-3171Oct 12, 2022
    affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2

    A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be

  • CVE-2022-1941Sep 22, 2022
    affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2

    A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can

  • CVE-2021-22570Jan 26, 2022
    affected < 3.9.2-4.12.1fixed 3.9.2-4.12.1

    Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend

  • CVE-2021-22569Jan 7, 2022
    affected < 3.9.2-150200.4.19.2fixed 3.9.2-150200.4.19.2

    An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre