Search CVE reports
11 – 14 of 14 results
CVE-2021-22570
Low prioritySome fixes available 6 of 7
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is...
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | — | Fixed | Fixed | Fixed | Fixed |
CVE-2021-22569
Low prioritySome fixes available 5 of 7
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating...
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | — | Fixed | Fixed | Fixed | Ignored |
CVE-2021-3121
Medium prioritySome fixes available 8 of 12
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
1 affected packages
golang-gogoprotobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-gogoprotobuf | Fixed | Fixed | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2015-5237
Low prioritySome fixes available 1 of 14
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
1 affected packages
protobuf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| protobuf | Not affected | Not affected | Not affected | Vulnerable | Fixed |