Veracode Vulnerability DatabaseVERACODE:38088Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
13.1%
protobuf is vulnerable to denial of service. The vulnerability exists because of the unchecked call in the proto file’s name during the generation of the resulting error message, allowing an attacker to cause an application crash by passing the incorrect symbol.
References
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
access.redhat.com/errata/RHSA-2022:7464
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2049429
github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
lists.debian.org/debian-lts-announce/2023/04/msg00019.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/
lists.fedoraproject.org/archives/list/[email protected]/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
lists.fedoraproject.org/archives/list/[email protected]/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
lists.fedoraproject.org/archives/list/[email protected]/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/
lists.fedoraproject.org/archives/list/[email protected]/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
lists.fedoraproject.org/archives/list/[email protected]/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
lists.fedoraproject.org/archives/list/[email protected]/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
lists.fedoraproject.org/archives/list/[email protected]/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/
security.netapp.com/advisory/ntap-20220429-0005/
www.oracle.com/security-alerts/cpuapr2022.html
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
13.1%