Lucene search
K

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/09/25 6:55 p.m.27 views

Security Bulletin: Vulnerability in Protobuf-core affects IBM watsonx.data

Summary Protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for Message-Type Extensions. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause lo...

7.5CVSS8.2AI score0.00483EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 8:3 p.m.36 views

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...

7.5CVSS7.4AI score0.02459EPSS
Exploits3Affected Software1
RedhatCVE
RedhatCVE
added 2023/04/03 7:43 p.m.73 views

CVE-2022-3510

A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbag...

5.3CVSS7.3AI score0.00483EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 10:43 a.m.23 views

Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3171)

Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...

7.5CVSS6AI score0.01048EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.47 views

Amazon Linux 2023 : protobuf, protobuf-compiler, protobuf-devel (ALAS2023-2023-049)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-049 advisory. A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to...

7.5CVSS6.4AI score0.01191EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/23 3:50 p.m.22 views

Security Bulletin: CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Standard

Summary WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java . This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-ja...

7.5CVSS6.2AI score0.01048EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.3 views

SUSE CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...

7.5CVSS6.6AI score0.01048EPSS
Exploits0References46
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.42 views

GLSA-202301-09 : protobuf-java: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202301-09 protobuf-java: Denial of Service - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple...

7.5CVSS6.4AI score0.01048EPSS
Exploits0References5
Snyk
Snyk
added 2022/12/13 8:8 a.m.2 views

Denial of Service (DoS)

Overview google-protobuf is a Google's data interchange format. Affected versions of this package are vulnerable to Denial of Service DoS when providing inputs containing multiple instances of non-repeated embedded messages, with repeated or unknown fields. The vulnerability exists due to a parsi...

7.5CVSS7.1AI score0.00483EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/12/12 3:30 p.m.136 views

Protobuf Java vulnerable to Uncontrolled Resource Consumption

A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...

7.5CVSS7.4AI score0.00483EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.3 views

PT-2022-6841 · Google +1 · Protobuf-Java +1

Name of the Vulnerable Software and Affected Versions: protobuf-java versions prior to 3.21.7 protobuf-java versions prior to 3.20.3 protobuf-java versions prior to 3.19.6 protobuf-java versions prior to 3.16.3 Description: The issue is related to insufficient input validation in the Java Protoco...

7.8CVSS7.6AI score0.00483EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2022/11/01 6:9 p.m.7 views

CVE-2022-3509 Parsing issue in protobuf textformat

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...

7.5CVSS7.7AI score0.00567EPSS
Exploits0References1
OSV
OSV
added 2022/11/01 6:9 p.m.32 views

CVE-2022-3509 Parsing issue in protobuf textformat

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...

7.5CVSS6.7AI score0.00567EPSS
Exploits0References4
OSV
OSV
added 2022/10/21 11:4 a.m.2 views

OESA-2022-2011 protobuf security update

Security Fixes: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...

7.5CVSS7.8AI score0.01191EPSS
Exploits0References3
Rows per page
Query Builder