48 matches found
ROS-20221020-02
A vulnerability in the Java Protocol Buffers protobuf-java runtime library is related to a problem analyzing binary data. Exploitation of the vulnerability could allow an attacker acting remotely to send data containing multiple instances of non-repeating embedded messages to the application's...
DEBIAN-CVE-2022-3171
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
Denial Of Service (DoS)
protobuf-java is vulnerable to denial of service. The vulnerability exists in the parsing procedure for binary and text format data because the input streams contain multiple instances of non-repeated embedded messages with repeated or unknown fields, resulting in potentially long garbage...
GHSA-H4H5-3HR4-J3G2 protobuf-java has a potential Denial of Service issue
Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
GHSA-WRVW-HG22-4M67 A potential Denial of Service issue in protobuf-java
Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Reporter: OSS-Fuzz Affected versions: All versions of Java Protobufs including Kotlin and JRuby prior to the versions listed below. Protobuf "javalite" users typically Android are...
GO-2021-0088 Denial of service via ignored unknown fields in github.com/facebook/fbthrift
Skip ignores unknown fields, rather than failing. A malicious user can craft small messages with unknown fields which can take significant resources to parse. If a server accepts messages from an untrusted user, it may be used as a denial of service vector...
CVE-2012-6037
CVE-2012-6037 affects Mahara installations vulnerable to cross-site scripting via a CSV header with “unknown fields” in error messages during bulk user, group, and group member uploads. Affected versions include Mahara 1.2 and 1.4.x before 1.4.5, and 1.5.x before 1.5.4. The root cause is improper...
CVE-2012-6037
Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...