281 matches found
SUSE CVE-2024-2410
The JsonToBinaryStream function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed...
SUSE CVE-2024-7254
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.1, 9.17.0, 10.0.0, and 10.1.1 of Jira Software Data Center and Server. This...
Security Bulletin: Vulnerability in Protocol Buffers affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary Potential vulnerability in Protocol Buffers has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...
Security update for protobuf
This update for protobuf fixes the following issues: CVE-2024-7254: Fixed a stack overflow vulnerability in protocol buffers bsc1230778 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...
IBM WebSphere Application Server Liberty 20.0.0.12 < 24.0.0.11 DoS (7173097)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a DoS vulnerability as referenced in the 7173097 advisory. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254).
Summary IBM App Connect Enterprise and IBM App Connect Enterprise Toolkit are vulnerable to a denial of service due to Google Protocol Buffers CVE-2024-7254. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google...
Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254
Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable to CVE-2024-7254. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)
Summary There is a vulnerability in the Google Protocol Buffers protobuf library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers a.k.a., protobuf is vulnerable to a...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, contains a vulnerability in the Google Protocol Buffers protobuf library with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, contains a vulnerability in the Google Protocol Buffers protobuf library with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-7254]
Summary The Google Protocol Buffers package is used by IBM App Connect Enterprise Certified Container for processing DFDL message definitions. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime that use the DFDL parser are vulnerable to denial of service. This...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Protocol Buffers protobuf-go denial of service vulnerability [ CVE-2024-24786]
Summary Potential denial of service vulnerability in Protocol Buffers protobuf-go CVE-2024-24786 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...
Security Bulletin: IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit. (CVE-2024-7254)
Summary IBM PowerVM Novalink is vulnerable because Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Protocol Buffers protobuf-go denial of service vulnerabilitiy( CVE-2024-24786)
Summary A potential denial of service vulnerability CVE-2024-24786 has been identified related to Protocol Buffers protobuf-go that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24786...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)
Summary There is a vulnerability in the Google Protocol Buffers protobuf library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in...
Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable toCVE-2024-7254
Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable toCVE-2024-7254. This bulletin contains information regarding the vulnerability and its...
CVE-2025-21088 WebApp crash via improper validation of proto style in attachments
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
CVE-2024-53984
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PBENABLEMALLOC is enabled, the message contains at least one field with FTPOINTER field type, custom stream callback is used with unknown stream length. and the pbdecodeex function is used with flag...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...