Description
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| golang-google-protobuf | not-affected | | | package |
Notes
https://go-review.googlesource.com/c/protobuf/+/475995
https://github.com/golang/protobuf/issues/1530
https://github.com/protocolbuffers/protobuf-go/commit/edaf511a7a37a90db2727b600d699e1e8d2840b4 (v1.29.1)
https://github.com/advisories/GHSA-hw7c-3rfg-p46j
Related vulnerabilities
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
google.golang.org/protobuf vulnerable to panic leading to denial of service