41 matches found
EUVD-2022-1401
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-3121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue...
Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2021-3121, CVE-2021-38561, CVE-2023-43804)
Summary: github.com/gogo/protobuf, golang.org/x/text, and urllib3 are dependency packages used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-43804. DESCRIPTION: urllib3 is a user-friendly HTTP clien...
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
Summary: IBM Security Guardium Insights has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2020-13949. DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploi...
BIT-PROTOBUF-2021-3121
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue...
BIT-CONSUL-2021-3121
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2021-41190. DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...
SUSE CVE-2021-3121
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue...
Security Bulletin: IBM App Connect Enterprise Certified Container operator may be vulnerable to CVE-2021-3121
Summary: GoGo Protobuf is used by the IBM App Connect Enterprise Certified Container operator. This bulletin provides patch information to address the reported vulnerability CVE-2021-3121 in GoGo Protobuf. Vulnerability Details: CVEID: CVE-2021-3121. DESCRIPTION: An unspecified error with the lack of...
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.5 bug fix and security update
Red Hat OpenShift Container Platform release 4.11.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...
Fedora: Security Advisory for golang-github-gogo-protobuf (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: golang-github-gogo-protobuf-1.3.2-5.fc35
Gogoprotobuf is a fork of golang/protobuf with extra code generation features. This code generation is used to achieve: - fast marshalling and unmarshalling - more canonical Go structures - goprotobuf compatibility - less typing by optionally generating extra helper code - peace of mind by...
GHSA-C3H9-896R-86JM Improper Input Validation in GoGo Protobuf
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue...
Improper Input Validation in GoGo Protobuf
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.42 security update
Red Hat OpenShift Container Platform release 4.7.42 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a...
Vulnerability in a function of the GoGo Protobuf library that allows attackers to compromise the confidentiality, integrity, and availability of protected information
The vulnerability in plugin/unmarshal/unmarshal.go of the GoGo Protobuf library is related to incorrect array indexing. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.7.28 security update
Red Hat OpenShift Container Platform release 4.7.28 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whic...
CVE-2021-3121
A flaw was found in github.com/gogo/protobuf before 1.3.2 that allows an out-of-bounds access when unmarshalling certain protobuf objects. This flaw allows a remote attacker to send crafted protobuf messages, causing panic and resulting in a denial of service. The highest threat from this...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.23 security update
Red Hat OpenShift Container Platform release 4.7.23 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...