CVE-2022-1941

Published: 22/09/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A parsing vulnerability for the MessageSet type in ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python, can lead to out-of-memory failures. A specially crafted message with multiple key-values per element creates parsing issues and can lead to a denial of service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions 3.16 and 3.17 are no longer updated.

Vulnerable Product

google protobuf-cpp

google protobuf-python

fedoraproject fedora 36

fedoraproject fedora 37

debian debian linux 10.0

Vendor Advisories

Several security issues were fixed in protobuf ...
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with mult ...
A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message, which could lead to a denial of service (DoS) on services using the libraries ...

Github Repositories

The official source for Sysdig’s Helm charts

Sysdig Helm Charts: This GitHub repository is the official source for Sysdig's Helm charts. For instructions about how to install charts from this repository, visit the public website at charts.sysdig.com. Contribute

A docker CLI toolbox for forensics investigations.

Docker Forensic Toolbox. Information: Credential: forensic:forensic; From: Debian Bookworm Slim; Size: Around 900MB; Time: Few minutes to build, depending on your system; Trivy: 0 unfixed vulnerabilities. Installation: git clone https://github.com/MikeHorn-git/docker-forensic-toolbox.git; cd docker-forensic-toolbox. Docker Compose: sudo d