Описание
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
A flaw was found in protobuf-c. The issue occurs due to an invalid arithmetic shift via the parse_tag_and_wiretype in the protobuf-c/protobuf-c.c function. This flaw allows attackers to cause a denial of service (DoS) via unspecified vectors.
Отчет
The vulnerability has been marked low as exploiting this vulnerability is highly unlikely to be possible as user input isn't taken by the vulnerable functions.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | protobuf-c | Out of support scope | ||
| Red Hat Enterprise Linux 8 | protobuf-c | Fix deferred | ||
| Red Hat Enterprise Linux 9 | protobuf-c | Fix deferred |
Показывать по
Дополнительная информация
Статус:
3.1 Low
CVSS3
Связанные уязвимости
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shif ...
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Уязвимость функции parse_tag_and_wiretype компонента protobuf-c.c протокола сериализации данных на языке программирования C Protobuf-c, позволяющая нарушителю вызвать отказ в обслуживании
3.1 Low
CVSS3