Описание
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| protobuf-c | fixed | 1.4.1-1 | package | |
| protobuf-c | no-dsa | bullseye | package | |
| protobuf-c | no-dsa | buster | package |
Примечания
https://github.com/protobuf-c/protobuf-c/issues/506
https://github.com/protobuf-c/protobuf-c/pull/508
https://github.com/protobuf-c/protobuf-c/commit/6e389ce2c34355d36009a8fb1666bed29fa2d4f4 (v1.4.1)
EPSS
Связанные уязвимости
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Уязвимость функции parse_tag_and_wiretype компонента protobuf-c.c протокола сериализации данных на языке программирования C Protobuf-c, позволяющая нарушителю вызвать отказ в обслуживании
EPSS