Lucene search

Veracode Vulnerability DatabaseVERACODE:40184

HistoryApr 19, 2023 - 7:47 a.m.

Integer Overflow

2023-04-1907:47:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

libprotobuf-c.so is vulnerable to Integer Overflow. The vulnerability exists in the parse_required_member function of protobuf-c.c, because the method does not check if the len >= pref_len which will result in an integer overflow, possibly leading to Denial of Service.

CPENameOperatorVersion
libprotobuf-c.sole1.0.0
libprotobuf-c.sole1.0.0

CPE	Name	Operator	Version
	libprotobuf-c.so	le	1.0.0
	libprotobuf-c.so	le	1.0.0

References

github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217

github.com/protobuf-c/protobuf-c/issues/499

github.com/protobuf-c/protobuf-c/pull/513

github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/

lists.fedoraproject.org/archives/list/[email protected]/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/

lists.fedoraproject.org/archives/list/[email protected]/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/

lists.fedoraproject.org/archives/list/[email protected]/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for VERACODE:40184