63 matches found
PBC 安全漏洞
PBC is a Google Protocol Buffer Library for C from the individual developers at cloudwu in China. A denial of service vulnerability exists in PBC 2022-8-27 and prior versions, which stems from a segmentation error in the PBCwmessageinteger function in src/wmessage.c:137. An attacker could exploit...
[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-7.fc36
This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...
[SECURITY] Fedora 35 Update: golang-github-googleapis-gnostic-0.5.3-6.fc35
This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...
protobuf-c denial-of-service vulnerability
protobuf-c is a protocol buffer implementation based on C. A denial of service vulnerability exists in Protobuf-c v1.4.0, which stems from a function parsetagandwiretype in protobuf-c/protobuf-c.c that contains an invalid arithmetic shift. An attacker could exploit this vulnerability to cause a...
[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-5.fc36
This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...
Fedora: Security Advisory for golang-github-googleapis-gnostic (FEDORA-2022-5cbd6de569)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-googleapis-gnostic (FEDORA-2022-3a63897745)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-github-googleapis-gnostic-0.5.3-5.fc35
This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
Summary IBM Security Guardium Insights addressed the following issues with an update. Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header names. By sending a specially-craft...
PYSEC-2022-48
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...
Google protobuf 代码问题漏洞
Google protobuf is a data interchange format from Google, Inc. A code issue vulnerability exists in Google protobuf that stems from Nullptr dereferencing when null characters are present in the original symbol. The symbols are parsed incorrectly, resulting in an unchecked call to the name of the...
CVE-2021-22569
A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of...
D-LINK DIR-3040 WiFi Smart Mesh information disclosure vulnerability
Summary An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability. Tested Versions D-LINK DIR-3040...
Nanopb Buffer Error Vulnerability
Nanopb is a protocol buffer implementation for microprocessors by the individual developers of Nanopb. A buffer error vulnerability exists in Nanopb version 0.4.4 and versions prior to 0.3.9.7, which stems from the possibility that a decoded message in a particular format may leak memory if dynam...
PYSEC-2020-321
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
Denial of Service in Tensorflow
Impact Changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installments. We have added...
PT-2020-14277 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4 TensorFlow versions prior to 2.0.3 TensorFlow versions prior to 2.1.2 TensorFlow versions prior to 2.2.1 TensorFlow versions prior to 2.3.1 Description: Changing the TensorFlow's SavedModel protocol buffer...
rust-protobuf out-of-memory vulnerability
rust-protobuf is a Rust implementation of the Google protocol buffer. An out-of-memory vulnerability exists in rust-protobuf versions prior to 2.6.0. An attacker can exploit this vulnerability to exhaust all memory via the Vec::reserve call...
See how do I find the value of 3 thousand 6 thousand USD Google RCE vulnerability-vulnerability warning-the black bar safety net
! This article tells the story of the Uruguayan public University, 18-year-old student Ezequiel Pereira found Google highest level RCE vulnerability-related process. In the beginning of the year, Ezequiel found Google Google App Engine GAEis a non-production environment of a vulnerability, exploi...
Critical: Red Hat Security Advisory: librelp security update
An update for librelp is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...