7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
43.2%
protobuf-cpp is vulnerable to Denial of Service. The vulnerability exists in multiple functions due to out of memory failures which allows an attacker to cause an application crash via multiple key-value.
www.openwall.com/lists/oss-security/2022/09/27/1
bugzilla.suse.com/show_bug.cgi?id=1203681
cloud.google.com/support/bulletins#GCP-2022-019
github.com/advisories/GHSA-8gq9-2x98-w8hf
github.com/protocolbuffers/protobuf/commit/0299c03005fbfe086d8394fb7a873a8a21fe327f
github.com/protocolbuffers/protobuf/commit/b4c395aaedfacb32e2414d361fa85968c0991b34
github.com/protocolbuffers/protobuf/commit/cd0ee8f45d0d749a1e4deb9847e53efb62c04d7b
github.com/protocolbuffers/protobuf/commit/d1635e1496f51e0d5653d856211e8821bc47adc4
github.com/protocolbuffers/protobuf/pull/10542
github.com/protocolbuffers/protobuf/pull/10543
github.com/protocolbuffers/protobuf/pull/10544
github.com/protocolbuffers/protobuf/pull/10545
github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
lists.debian.org/debian-lts-announce/2023/04/msg00019.html
lists.fedoraproject.org/archives/list/[email protected]/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/
lists.fedoraproject.org/archives/list/[email protected]/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/
www.openwall.com/lists/oss-security/2022/09/27/1
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
43.2%