Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
google protobuf vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
1 Github repository
7.5
CVSSv3
CVE-2022-3510
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions before 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated...
Google Protobuf-javalite
Google Protobuf-java
7.5
CVSSv3
CVE-2022-3509
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions before 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown f...
Google Protobuf-javalite
Google Protobuf-java
7.5
CVSSv3
CVE-2022-3171
A parsing issue with binary data in protobuf-java core and lite versions before 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be co...
Google Protobuf-java
Google Protobuf-kotlin-lite
Google Protobuf-kotlin
Google Protobuf-javalite
Google Google-protobuf
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2022-1941
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...
Google Protobuf-cpp
Google Protobuf-python
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
2 Github repositories
7.8
CVSSv3
CVE-2022-20203
In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation.
Google Android 12.1
6.5
CVSSv3
CVE-2022-23564
Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows malicious users to cause denial of serv...
Google Tensorflow
Google Tensorflow 2.7.0
6.5
CVSSv3
CVE-2022-23570
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op...
Google Tensorflow
Google Tensorflow 2.7.0
6.5
CVSSv3
CVE-2022-23583
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such tha...
Google Tensorflow 2.7.0
Google Tensorflow
6.5
CVSSv3
CVE-2022-23571
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid...
Google Tensorflow
Google Tensorflow 2.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »