Description
The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.
A flaw was found in protobuf, the protocol buffers C++ implementation. A use-after-free can be triggered when the JsonToBinaryStream function reads a crafted JSON input that is split into separate chunks. A successful attack may result in a data leak or data corruption, or cause the application to crash.
Statement
The protobuf package, as shipped in Red Hat Enterprise Linux 7, 8 and 9, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of protobuf.
Mitigation
Do not parse a JSON input split into separate chunks using the JsonToBinaryStream function.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | python3x-protobuf | Not affected | | |
| Red Hat Ansible Automation Platform 2 | python-protobuf | Not affected | | |
| Red Hat Enterprise Linux 10 | protobuf | Not affected | | |
| Red Hat Enterprise Linux 7 | protobuf | Not affected | | |
| Red Hat Enterprise Linux 8 | protobuf | Not affected | | |
| Red Hat Enterprise Linux 9 | fence-agents | Not affected | | |
| Red Hat Enterprise Linux 9 | protobuf | Not affected | | |
| Red Hat OpenStack Platform 16.1 | protobuf | Out of support scope | | |
| Red Hat OpenStack Platform 16.2 | protobuf | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 7.3 High