GHSA-jwvw-v7c5-m82h

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jwvw-v7c5-m82h/GHSA-jwvw-v7c5-m82h.json
Aliases
  • CVE-2015-5237
Published
2022-05-13T01:06:54Z
Modified
2022-06-17T22:25:16.563523Z
Details

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

References

Affected packages

NuGet / Google.Protobuf

Google.Protobuf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.4.0

Affected versions

0.*

0.0.1-test1

3.*

3.0.0
3.0.0-alpha4
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.1.0
3.2.0
3.2.0-rc1
3.2.0-rc2
3.3.0

Maven / com.google.protobuf:protobuf-parent

com.google.protobuf:protobuf-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.4.0

Affected versions

3.*

3.0.0
3.0.0-beta-3
3.0.0-beta-4
3.0.2
3.1.0
3.2.0
3.2.0-rc.1
3.2.0rc2
3.3.0
3.3.1

Go / github.com/protocolbuffers/protobuf

github.com/protocolbuffers/protobuf

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
3.4.0

Affected versions

Packagist / google/protobuf

google/protobuf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.4.0

Affected versions

PyPI / protobuf

protobuf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.4.0

Affected versions

2.*

2.0.0beta
2.0.3
2.3.0
2.4.1
2.5.0
2.6.0
2.6.1

3.*

3.0.0
3.0.0a2
3.0.0a3
3.0.0b1
3.0.0b1.post1
3.0.0b1.post2
3.0.0b2
3.0.0b2.post1
3.0.0b2.post2
3.0.0b3
3.0.0b4
3.1.0
3.1.0.post1
3.2.0
3.2.0rc1
3.2.0rc1.post1
3.2.0rc2
3.3.0