5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%
libprotobuf-c.so is vulnerable to Integer Overflow. The vulnerability exists in the parse_required_member
function of protobuf-c.c
, because the method does not check if the len
>= pref_len
which will result in an integer overflow, possibly leading to Denial of Service.
CPE | Name | Operator | Version |
---|---|---|---|
libprotobuf-c.so | le | 1.0.0 | |
libprotobuf-c.so | le | 1.0.0 |
github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
github.com/protobuf-c/protobuf-c/issues/499
github.com/protobuf-c/protobuf-c/pull/513
github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/
lists.fedoraproject.org/archives/list/[email protected]/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/
lists.fedoraproject.org/archives/list/[email protected]/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/
lists.fedoraproject.org/archives/list/[email protected]/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.3%