OESA-2022-2010 protobuf security update

Security Fixes: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the MessageSet type, by allowing an attacker to send specially crafted message with multiple key-value per elements, therefore creating parsing issues against services which receive unsanitized input. Details...