It was discovered that protobuf did not properly manage memory when serializing large messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2015-5237)
It was discovered that protobuf did not properly manage memory when parsing specifically crafted messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service. (CVE-2022-1941)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "libprotobuf-java": "2.6.1-1.3ubuntu0.1~esm2", "python-protobuf": "2.6.1-1.3ubuntu0.1~esm2", "libprotoc-dev": "2.6.1-1.3ubuntu0.1~esm2", "libprotoc9v5-dbgsym": "2.6.1-1.3ubuntu0.1~esm2", "protobuf-compiler": "2.6.1-1.3ubuntu0.1~esm2", "libprotobuf-dev": "2.6.1-1.3ubuntu0.1~esm2", "libprotobuf9v5-dbgsym": "2.6.1-1.3ubuntu0.1~esm2", "protobuf-compiler-dbgsym": "2.6.1-1.3ubuntu0.1~esm2", "libprotobuf-lite9v5": "2.6.1-1.3ubuntu0.1~esm2", "libprotobuf-lite9v5-dbgsym": "2.6.1-1.3ubuntu0.1~esm2", "libprotobuf9v5": "2.6.1-1.3ubuntu0.1~esm2", "libprotoc9v5": "2.6.1-1.3ubuntu0.1~esm2" } ] }