5 matches found

OSV
added 2025/11/24 11:32 p.m. · 1 views

GHSA-2FCV-QWW3-9V6H Babylon's malformed vote extensions are not rejected

Summary: Adversarial validators can send large vote extensions by using non-existing protobuf tags. This will result in the rejection of the subsequent block proposal. Eventually, all block proposals will be rejected by all validators. Impact: A small group of adversarial validators can cause a cha...

7 CVSS · 6.8 AI score
Exploits 0 · References 4
Packet Storm
added 2025/04/17 12:0 a.m. · 295 views

📄 Meshtastic Buffer Overflow

A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as...

9.4 CVSS · 8.3 AI score · 0.02337 EPSS
Exploits 2
OSV
added 2025/04/14 11:25 p.m. · 1 views

CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

9.4 CVSS · 8.5 AI score · 0.02337 EPSS
Exploits 2 · References 3
Vulnrichment
added 2023/04/04 5:57 p.m. · 7 views

CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for ext_authz filter. For affected components that are used for loggin...

5.4 CVSS · 9.6 AI score · 0.00029 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/04/04 12:0 a.m. · 4 views

PT-2023-21163 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 Description: The issue concerns escalation of privileges when failure mode allow: true is configured for the ext authz filter in Envoy, an open source edge and service proxy...

9.8 CVSS · 9.2 AI score · 0.00029 EPSS
Exploits 1 · References 13