Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:7138

Опубликовано: 04 окт. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: protobuf security update

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

Security Fix(es):

  • protobuf: message parsing vulnerability in ProtocolBuffers (CVE-2022-1941)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
protobufi68616.el9protobuf-3.14.0-16.el9.i686.rpm
protobufx86_6416.el9protobuf-3.14.0-16.el9.x86_64.rpm
protobuf-litei68616.el9protobuf-lite-3.14.0-16.el9.i686.rpm
protobuf-litex86_6416.el9protobuf-lite-3.14.0-16.el9.x86_64.rpm
python3-protobufnoarch16.el9python3-protobuf-3.14.0-16.el9.noarch.rpm
python3-protobufnoarch16.el9python3-protobuf-3.14.0-16.el9.noarch.rpm
python3-protobufnoarch16.el9python3-protobuf-3.14.0-16.el9.noarch.rpm
python3-protobufnoarch16.el9python3-protobuf-3.14.0-16.el9.noarch.rpm

Показывать по

Связанные CVE

CVE-2022-1941

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-1941

CVSS3: 7.5
ubuntu
около 3 лет назад

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

redhat логотип

CVE-2022-1941

CVSS3: 6.5
redhat
около 3 лет назад

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

nvd логотип

CVE-2022-1941

CVSS3: 7.5
nvd
около 3 лет назад

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

msrc логотип

CVE-2022-1941

CVSS3: 7.5
msrc
около 1 года назад

Описание отсутствует

debian логотип

CVE-2022-1941

CVSS3: 7.5
debian
около 3 лет назад

A parsing vulnerability for the MessageSet type in the ProtocolBuffers ...