19 matches found
ai.cheq.sst.android:cheq-sst-kotlin-protobuf (>=0.1.0 <=0.1.3), com.android.designcompose:common (>=0.29.1 <=0.30.0-rc02) +1 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin-lite (>=4.26.0 <=4.27.3)
com.google.protobuf:protobuf-kotlin-lite MAVEN version =4.26.0, =0.1.0, =0.29.1, =0.6.0, =0.7.0 Source cves: CVE-2024-7254 Source advisory: OSV:GHSA-735F-PC8J-V9W8...
GHSA-735F-PC8J-V9W8 protobuf-java has potential Denial of Service issue
Summary: When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team. Affected versions: This issue affects all versions of both t...
build.less:build.less.gradle.plugin (>=1.0.0-beta1 <=1.0.0-rc2), build.less:buildless-plugin-gradle (>=1.0.0-beta1 <=1.0.0-rc2) +178 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin (>=3.17.3 <=3.25.3)
com.google.protobuf:protobuf-kotlin MAVEN version =3.17.3, =1.0.0-beta1, =1.0.0-beta1, =7.0.0, =0.5.0, =0.0.1-alpha02, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =31.9.0, =32.1.0-alpha04 and more S...
com.aerospike:aerospike-proxy-stub (=1.1.0), com.android.designcompose:common (>=0.28.0 <=0.29.0-rc01) +11 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin (>=4.26.0 <=4.27.2)
com.google.protobuf:protobuf-kotlin MAVEN version =4.26.0, =0.28.0, =0.6.0, =0.5.9, =0.6.0, =0.2.2, =0.2.2, =0.3.0, =0.5.0 Source cves: CVE-2024-7254 Source advisory: OSV:GHSA-735F-PC8J-V9W8...
com.trendyol:stove-testing-e2e-kafka (>=0.13.0 <=0.13.1) potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin (=4.28.0)
com.google.protobuf:protobuf-kotlin MAVEN version =4.28.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.google.protobuf:protobuf-kotlin and may be impacted: - com.trendyol:stove-testing-e2e-kafka =0.13.0, =0.13.1 Source cves: CVE-2024-7254 Source...
be.zvz:KotlinInside (>=1.14.0 <=1.16.2), com.connectrpc:connect-kotlin-google-javalite-ext (>=0.2.0 <=0.5.1) +14 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin-lite (>=3.17.1 <=3.25.3)
com.google.protobuf:protobuf-kotlin-lite MAVEN version =3.17.1, =1.14.0, =0.2.0, =16.0.0-alpha01, =7.7.1, =7.7.1, =0.2.19, =2.1.23, =0.1.0, =0.3.1, =0.1.1, =0.1.1, =3.23.2, =0.100.0, =0.130.1 and more Source cves: CVE-2024-7254 Source advisory: OSV:GHSA-735F-PC8J-V9W8...
protobuf-java has potential Denial of Service issue
Summary: When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team. Affected versions: This issue affects all versions of both t...
build.buf:protobuf-javalite (>=4.28.0 <=4.28.1), com.auroraoss:gplayapi (=3.4.2) +1 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-javalite (>=4.28.0-RC1 <=4.28.1)
com.google.protobuf:protobuf-javalite MAVEN version =4.28.0-RC1, =4.28.0, =4.28.0, =4.28.1 Source cves: CVE-2024-7254 Source advisory: SNYK:JAVA-COMGOOGLEPROTOBUF-9398723...
be.zvz:KotlinInside (>=1.14.0 <=1.14.6), com.google.protobuf:protobuf-kotlin-lite (>=3.20.0 <=3.20.2) +8 more potentially affected by CVE-2022-3509 via com.google.protobuf:protobuf-javalite (>=3.20.0 <=3.20.2)
com.google.protobuf:protobuf-javalite MAVEN version =3.20.0, =1.14.0, =3.20.0, =2.12.0, =2.12.0, =2.3.0, =0.2.4, =0.2.6 - io.github.dimensiondev:maskwalletcore =0.5.0 Source cves: CVE-2022-3509 Source advisory: OSV:GHSA-G5WW-5JH7-63CX...
be.zvz:KotlinInside (>=1.14.0 <=1.14.6), com.google.protobuf:protobuf-kotlin-lite (>=3.20.0 <=3.20.2) +8 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-javalite (>=3.20.0-rc-1 <=3.20.2)
com.google.protobuf:protobuf-javalite MAVEN version =3.20.0-rc-1, =1.14.0, =3.20.0, =2.12.0, =2.12.0, =2.3.0, =0.2.4, =0.2.6 - io.github.dimensiondev:maskwalletcore =0.5.0 Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...
com.google.ambient.crossdevice:crossdevice (=0.1.0-preview01), com.google.firebase:firebase-dataconnect (=16.0.0-beta01) +2 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-kotlin-lite (>=3.21.11 <=3.21.3)
com.google.protobuf:protobuf-kotlin-lite MAVEN version =3.21.11, =3.21.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.google.protobuf:protobuf-kotlin-lite and may be impacted: - com.google.ambient.crossdevice:crossdevice =0.1.0-preview01 -...
io.github.dimensiondev:maskwalletcore (>=0.1.0 <=0.4.1) potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-kotlin-lite (>=3.17.1 <=3.17.3)
com.google.protobuf:protobuf-kotlin-lite MAVEN version =3.17.1, =0.1.0, =0.4.1 Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...
com.jamshedalamqaderi.ktransport:generate-proto (>=0.0.1-dev-17 <=1.0.6), com.wavesenterprise:we-contract-sdk-grpc (>=1.0.0 <=1.2.0) +7 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-kotlin (=3.20.1)
com.google.protobuf:protobuf-kotlin MAVEN version =3.20.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.google.protobuf:protobuf-kotlin and may be impacted: - com.jamshedalamqaderi.ktransport:generate-proto =0.0.1-dev-17, =1.0.0, =0.2.0, =0.2.0,...
be.zvz:KotlinInside (>=1.14.0 <=1.14.6), io.github.dimensiondev:maskwalletcore (=0.5.0) potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-kotlin-lite (>=3.20.0 <=3.20.1)
com.google.protobuf:protobuf-kotlin-lite MAVEN version =3.20.0, =1.14.0, =1.14.6 - io.github.dimensiondev:maskwalletcore =0.5.0 Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...
com.figure.classification.asset:ac-util (>=2.0.0 <=2.0.0-figuretest10), com.google.privacy.differentialprivacy.pipelinedp4j:pipelinedp4j (>=0.0.1 <=0.0.3) +65 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-kotlin (>=3.17.3 <=3.19.4)
com.google.protobuf:protobuf-kotlin MAVEN version =3.17.3, =2.0.0, =0.0.1, =57.0.0-v202207070922-BETA, =57.0.0-v202207070922-BETA, =0.8.0, =1.0.0, =1.0.0, =0.1.0, =0.0.1-rc33, =0.2.0, =0.0.1-RELEASE, =1.0.0, =1.0.1, =1.0.4 and more Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3...
com.github.frtu.libs:lib-grpc (>=1.2.3 <=2.0.7), com.github.frtu.libs:lib-serdes-protobuf (>=1.2.3 <=2.0.7) +32 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-kotlin (>=3.21.1 <=3.21.6)
com.google.protobuf:protobuf-kotlin MAVEN version =3.21.1, =1.2.3, =1.2.3, =0.3.4, =1.0.0, =7.6.0, =7.6.0, =1.0-v3-alpha3-b7, =1.0-v3-alpha3-b7, =1.0-v3-alpha3-b7, =1.0-v3-alpha3-b7, =1.0-v3-alpha3-b7, =1.0-v3-alpha3-b8 and more Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...
com.figure.classification.asset:ac-util (>=2.0.0 <=2.0.0-figuretest10), de.fhg.aisec.ids:idscp2-ra-cmc (>=0.8.0 <=0.8.1.1) +50 more potentially affected by CVE-2021-22569 via com.google.protobuf:protobuf-kotlin (>=3.19.0 <=3.19.1)
com.google.protobuf:protobuf-kotlin MAVEN version =3.19.0, =2.0.0, =0.8.0, =0.0.1-rc33, =0.2.0, =0.0.0-test3, =1.0.0, =1.1.0, =1.0.1, =0.0.3, =1.2.0, =1.2.0, =1.2.0, =2.3.2 and more Source cves: CVE-2021-22569 Source advisory: OSV:GHSA-WRVW-HG22-4M67...
com.google.privacy.differentialprivacy.pipelinedp4j:pipelinedp4j (>=0.0.1 <=0.0.3) potentially affected by CVE-2021-22569 via com.google.protobuf:protobuf-kotlin (=3.18.0)
com.google.protobuf:protobuf-kotlin MAVEN version =3.18.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.google.protobuf:protobuf-kotlin and may be impacted: - com.google.privacy.differentialprivacy.pipelinedp4j:pipelinedp4j =0.0.1, =0.0.3 Source...
A potential Denial of Service issue in protobuf-java
Summary: A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users (typically Android) are not affected...