GHSA-jwvw-v7c5-m82h

Suggest an improvement
Source
https://github.com/advisories/GHSA-jwvw-v7c5-m82h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jwvw-v7c5-m82h/GHSA-jwvw-v7c5-m82h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jwvw-v7c5-m82h
Aliases
Published
2022-05-13T01:06:54Z
Modified
2024-10-21T21:01:14.631656Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
protobuf susceptible to buffer overflow
Details

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

References

Affected packages

NuGet / Google.Protobuf

Package

Name
Google.Protobuf
View open source insights on deps.dev
Purl
pkg:nuget/Google.Protobuf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.0

Affected versions

0.*

0.0.1-test1

3.*

3.0.0-alpha4
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0
3.1.0
3.2.0-rc1
3.2.0-rc2
3.2.0
3.3.0

Maven / com.google.protobuf:protobuf-parent

Package

Name
com.google.protobuf:protobuf-parent
View open source insights on deps.dev
Purl
pkg:maven/com.google.protobuf/protobuf-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.0

Affected versions

3.*

3.0.0-beta-3
3.0.0-beta-4
3.0.0
3.0.2
3.1.0
3.2.0rc2
3.2.0-rc.1
3.2.0
3.3.0
3.3.1

Go / github.com/protocolbuffers/protobuf

Package

Name
github.com/protocolbuffers/protobuf
View open source insights on deps.dev
Purl
pkg:golang/github.com/protocolbuffers/protobuf

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.0

Packagist / google/protobuf

Package

Name
google/protobuf
Purl
pkg:composer/google/protobuf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.0

Affected versions

v3.*

v3.1.0-alpha-1
v3.2.0-alpha-1
v3.3.0rc1
v3.3.0
v3.3.1
v3.3.2
v3.4.0rc1
v3.4.0rc2
v3.4.0rc3

PyPI / protobuf

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.0

Affected versions

2.*

2.0.0beta
2.0.3
2.3.0
2.4.1
2.5.0
2.6.0
2.6.1

3.*

3.0.0a2
3.0.0a3
3.0.0b1
3.0.0b1.post1
3.0.0b1.post2
3.0.0b2
3.0.0b2.post1
3.0.0b2.post2
3.0.0b3
3.0.0b4
3.0.0
3.1.0
3.1.0.post1
3.2.0rc1
3.2.0rc1.post1
3.2.0rc2
3.2.0
3.3.0