Exploit Report

Computer Security And Bug Information

CVE-2022-1941

CVE: CVE-2022-1941
CVE Ordinal Value: 236784
Published Date: 2022-09-22T15:15Z
Modified Date: 2022-09-27T23:15Z
CWE Type: CWE-119
CVSS 3.x: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
References
Reference URL: https://cloud.google.com/support/bulletins#GCP-2022-019
Reference Description: CONFIRM https://cloud.google.com/support/bulletins#GCP-2022-019
Reference URL: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
Reference Description: CONFIRM https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
Reference URL: http://www.openwall.com/lists/oss-security/2022/09/27/1
Reference Description: MLIST [oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS
Tags: Third Party Advisory
Sources: NIST, MITRE
