Vulnerability Database
Blog
FAQ
Docs
GHSA-jwvw-v7c5-m82h
Suggest an improvement
Source
https://github.com/advisories/GHSA-jwvw-v7c5-m82h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jwvw-v7c5-m82h/GHSA-jwvw-v7c5-m82h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jwvw-v7c5-m82h
Aliases
CVE-2015-5237
PYSEC-2017-65
Published
2022-05-13T01:06:54Z
Modified
2024-10-21T21:01:14.631656Z
Severity
8.8 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Calculator
8.7 (High)
CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Calculator
Summary
protobuf susceptible to buffer overflow
Details
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
References
https://nvd.nist.gov/vuln/detail/CVE-2015-5237
https://github.com/google/protobuf/issues/760
https://bugzilla.redhat.com/show_bug.cgi?id=1256426
https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r4886108206d4c535db9b20c813fe4723d4fe6a91b9278382af8b9d08@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r4ef574a5621b0e670a3ce641e9922543e34f22bf4c9ee9584aa67fcf@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/r5741f4dbdd129dbb9885f5fb170dc1b24a06b9313bedef5e67fded94@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r764fc66435ee4d185d359c28c0887d3e5866d7292a8d5598d9e7cbc4@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r7fed8dd9bee494094e7011cf3c2ab75bd8754ea314c6734688c42932@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rb40dc9d63a5331bce8e80865b7fa3af9dd31e16555affd697b6f3526@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd64381fb8f92d640c1975dc50dcdf1b8512e02a2a7b20292d3565cae@%3Cissues.hbase.apache.org%3E
https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E
https://github.com/advisories/GHSA-jwvw-v7c5-m82h
https://github.com/google/protobuf
https://github.com/google/protobuf/releases/tag/v3.4.0
https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2017-65.yaml
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r00097d0b5b6164ea428554007121d5dc1f88ba2af7b9e977a10572cd@%3Cdev.hbase.apache.org%3E
https://lists.apache.org/thread.html/r00d9ab1fc0f1daf14cd4386564dd84f7889404438d81462c86dfa836@%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/r0ca83171c4898dc92b86fa6f484a7be1dc96206765f4d01dce0f1b28@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r14fa8d38d5757254f1a2e112270c996711d514de2e3b01c93d397ab4@%3Cissues.spark.apache.org%3E
https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r2ea33ce5591a9cb9ed52750b6ab42ab658f529a7028c3166ba93c7d5@%3Ccommon-issues.hadoop.apache.org%3E
http://www.openwall.com/lists/oss-security/2015/08/27/2
Affected packages
NuGet
/
Google.Protobuf
Package
Name
Google.Protobuf
View open source insights on deps.dev
Purl
pkg:nuget/Google.Protobuf
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3.4.0
Affected versions
0.*
0.0.1-test1
3.*
3.0.0-alpha4
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0
3.1.0
3.2.0-rc1
3.2.0-rc2
3.2.0
3.3.0
Maven
/
com.google.protobuf:protobuf-parent
Package
Name
com.google.protobuf:protobuf-parent
View open source insights on deps.dev
Purl
pkg:maven/com.google.protobuf/protobuf-parent
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3.4.0
Affected versions
3.*
3.0.0-beta-3
3.0.0-beta-4
3.0.0
3.0.2
3.1.0
3.2.0rc2
3.2.0-rc.1
3.2.0
3.3.0
3.3.1
Go
/
github.com/protocolbuffers/protobuf
Package
Name
github.com/protocolbuffers/protobuf
View open source insights on deps.dev
Purl
pkg:golang/github.com/protocolbuffers/protobuf
Affected ranges
Type
SEMVER
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3.4.0
Packagist
/
google/protobuf
Package
Name
google/protobuf
Purl
pkg:composer/google/protobuf
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3.4.0
Affected versions
v3.*
v3.1.0-alpha-1
v3.2.0-alpha-1
v3.3.0rc1
v3.3.0
v3.3.1
v3.3.2
v3.4.0rc1
v3.4.0rc2
v3.4.0rc3
PyPI
/
protobuf
Package
Name
protobuf
View open source insights on deps.dev
Purl
pkg:pypi/protobuf
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
3.4.0
Affected versions
2.*
2.0.0beta
2.0.3
2.3.0
2.4.1
2.5.0
2.6.0
2.6.1
3.*
3.0.0a2
3.0.0a3
3.0.0b1
3.0.0b1.post1
3.0.0b1.post2
3.0.0b2
3.0.0b2.post1
3.0.0b2.post2
3.0.0b3
3.0.0b4
3.0.0
3.1.0
3.1.0.post1
3.2.0rc1
3.2.0rc1.post1
3.2.0rc2
3.2.0
3.3.0
GHSA-jwvw-v7c5-m82h - OSV