
48 matches found

Redos
added 2022/10/20 12:0 a.m., 34 views

ROS-20221020-02

A vulnerability in the Java Protocol Buffers protobuf-java runtime library is related to a problem analyzing binary data. Exploitation of the vulnerability could allow an attacker acting remotely to send data containing multiple instances of non-repeating embedded messages to the application's...

CVSS 7.5, AI score 7.6, EPSS 0.01048
Exploits: 0

OSV
added 2022/10/12 11:15 p.m., 2 views

DEBIAN-CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

CVSS 7.5, AI score 6.1, EPSS 0.01048
Exploits: 0, References: 1

Veracode
added 2022/10/06 4:0 a.m., 30 views

Denial Of Service (DoS)

protobuf-java is vulnerable to denial of service. The vulnerability exists in the parsing procedure for binary and text format data because the input streams contain multiple instances of non-repeated embedded messages with repeated or unknown fields, resulting in potentially long garbage...

CVSS 7.5, AI score 7.4, EPSS 0.01048
Exploits: 0, References: 15, Affected Software: 2

OSV
added 2022/10/04 10:17 p.m., 4 views

GHSA-H4H5-3HR4-J3G2 protobuf-java has a potential Denial of Service issue

Summary: A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

CVSS 5.7, AI score 6.8, EPSS 0.01048
Exploits: 0, References: 12

OSV
added 2022/01/07 10:31 p.m., 0 views

GHSA-WRVW-HG22-4M67 A potential Denial of Service issue in protobuf-java

Summary: A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Reporter: OSS-Fuzz. Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are...

CVSS 7.5, AI score 6.8, EPSS 0.01655
Exploits: 1, References: 8

OSV
added 2021/04/14 8:4 p.m., 16 views

GO-2021-0088 Denial of service via ignored unknown fields in github.com/facebook/fbthrift

Skip ignores unknown fields, rather than failing. A malicious user can craft small messages with unknown fields which can take significant resources to parse. If a server accepts messages from an untrusted user, it may be used as a denial of service vector...

CVSS 7.5, AI score 7.2, EPSS 0.01994
Exploits: 0, References: 2

CVE
added 2012/11/24 8:0 p.m., 57 views

CVE-2012-6037

CVE-2012-6037 affects Mahara installations vulnerable to cross-site scripting via a CSV header with “unknown fields” in error messages during bulk user, group, and group member uploads. Affected versions include Mahara 1.2 and 1.4.x before 1.4.5, and 1.5.x before 1.5.4. The root cause is improper...

CVSS 4.3, AI score 7.8, EPSS 0.01832
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2012/11/24 8:0 p.m., 27 views

CVE-2012-6037

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...

AI score 8.2, EPSS 0.01832
Exploits: 0, References: 3