1683 matches found

Positive Technologies
added 2022/11/04 12:0 a.m. · 2 views

PT-2022-36736 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-use-after-free READ 8 crash has been reported. The crash involves the gs font finalize and gs gc reclaim functions, and the ireclaim process. No...

AI score: 7
Exploits: 0 · References: 2
OSV
added 2022/11/02 7:10 p.m. · 2 views

CLSA-2022-1667416255 Fix CVE(s): CVE-2021-44879

CVE-2021-44879 - ELSCVE-3342 f2fs: fix to do sanity check on inode type during garbage collection...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.01234
Exploits: 1 · References: 1
Vulnrichment
added 2022/11/01 6:9 p.m. · 6 views

CVE-2022-3509 Parsing issue in protobuf textformat

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.00567
Exploits: 0 · References: 1
Cvelist
added 2022/11/01 6:9 p.m. · 26 views

CVE-2022-3509 Parsing issue in protobuf textformat

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.00567
Exploits: 0 · References: 1
RedhatCVE
added 2022/10/26 2:23 p.m. · 112 views

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.01048
Exploits: 0 · References: 4
OSV
added 2022/10/21 11:4 a.m. · 2 views

OESA-2022-2011 protobuf security update

Security Fixes: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...

CVSS: 7.5 · AI score: 7.8 · EPSS: 0.01151
Exploits: 0 · References: 3
Redos
added 2022/10/20 12:0 a.m. · 34 views

ROS-20221020-02

A vulnerability in the Java Protocol Buffers protobuf-java runtime library is related to a problem analyzing binary data. Exploitation of the vulnerability could allow an attacker acting remotely to send data containing multiple instances of non-repeating embedded messages to the application's...

CVSS: 7.5 · AI score: 7.6 · EPSS: 0.01048
Exploits: 0
UbuntuCve
added 2022/10/18 12:0 a.m. · 65 views

CVE-2022-2602

iouring UAF, Unix SCM garbage collection...

CVSS: 7 · AI score: 6.6 · EPSS: 0.0127
Exploits: 2 · References: 6
OSV
added 2022/10/18 12:0 a.m. · 0 views

UBUNTU-CVE-2022-2602

iouring UAF, Unix SCM garbage collection...

CVSS: 7 · AI score: 6.5 · EPSS: 0.0127
Exploits: 2 · References: 7
NVD
added 2022/10/12 11:15 p.m. · 29 views

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

CVSS: 7.5 · EPSS: 0.01048
Exploits: 0 · References: 4
UbuntuCve
added 2022/10/12 11:15 p.m. · 34 views

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

CVSS: 7.5 · AI score: 6.7 · EPSS: 0.01048
Exploits: 0 · References: 2
OSV
added 2022/10/12 11:15 p.m. · 2 views

UBUNTU-CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

CVSS: 7.5 · AI score: 6.6 · EPSS: 0.01048
Exploits: 0 · References: 3
Positive Technologies
added 2022/10/12 12:0 a.m. · 5 views

PT-2025-37490

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s io uring/af unix functionality related to the garbage collection of registered files. The issue involves deferring the garbage collection of registere...

CVSS: 7.8 · AI score: 6.3 · EPSS: 0.00153
Exploits: 0
Veracode
added 2022/10/06 4:0 a.m. · 29 views

Denial Of Service (DoS)

protobuf-java is vulnerable to denial of service. The vulnerability exists in the parsing procedure for binary and text format data because the input streams contain multiple instances of non-repeated embedded messages with repeated or unknown fields, resulting in potentially long garbage...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.01048
Exploits: 0 · References: 15 · Affected Software: 2
Snyk
added 2022/10/04 10:17 p.m. · 1 views

Denial of Service (DoS)

Overview: google-protobuf is Google's data interchange format. Affected versions of this package are vulnerable to Denial of Service (DoS) via the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unkno...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.01048
Exploits: 0 · References: 2
Positive Technologies
added 2022/10/04 12:0 a.m. · 3 views

PT-2022-5139 · Google +4 · Protobuf-Java +6

Name of the Vulnerable Software and Affected Versions: protobuf-java versions prior to 3.21.7 protobuf-java versions prior to 3.20.3 protobuf-java versions prior to 3.19.6 protobuf-java versions prior to 3.16.3 Jira Service Management affected versions not specified Jira Work Management affected...

CVSS: 9.1 · AI score: 6.1 · EPSS: 0.06718
Exploits: 3 · References: 78
Positive Technologies
added 2022/09/29 12:0 a.m. · 4 views

PT-2022-6746 · Google +3 · Protobuf-Java +4

Name of the Vulnerable Software and Affected Versions: protobuf-java core and lite versions prior to 3.21.7 protobuf-java core and lite versions prior to 3.20.3 protobuf-java core and lite versions prior to 3.19.6 protobuf-java core and lite versions prior to 3.16.3 Description: A parsing issue i...

CVSS: 7.8 · AI score: 6.4 · EPSS: 0.00567
Exploits: 0 · References: 22
BDU FSTEC
added 2022/09/28 12:0 a.m. · 3 views

The vulnerability of C and C++ garbage collectors using Boehm-Demers-Weiser GC allows an intruder to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of garbage collectors in C and C++ languages, such as Boehm-Demers-Weiser GC, involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and ev...

CVSS: 10 · AI score: 7.7 · EPSS: 0.0414
Exploits: 0 · References: 10 · Affected Software: 3
Spring Security Advisories
added 2022/09/13 7:0 a.m. · 15 views

This Week in Spring - September 13th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! We've got a lot of good stuff to get to so let's dive right into it! A Bootiful Podcast: Hashicorp's Rosemary Wang on securing the intersection of apps and ops with Hashicorp Vault a nice video by my colleague Dan Vega: Spring...

AI score: 0.1
Exploits: 0
Fedora
added 2022/08/04 1:37 a.m. · 43 views

[SECURITY] Fedora 35 Update: lua-5.4.4-3.fc35

Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...

CVSS: 9.1 · AI score: 8.6 · EPSS: 0.02836
Exploits: 2