Lucene search
GoogleOSV:GHSA-762F-C2WG-M8C8HistoryOct 09, 2018 - 12:27 a.m.
Denial of Service in protobufjs
2018-10-0900:27:15
Google
osv.dev
4
0.001 Low
EPSS
Percentile
26.4%
Versions of protobufjs before 5.0.3 and 6.8.6 are vulnerable to a regular expression denial of service when parsing crafted invalid *.proto files.
Recommendation
Update to version 5.0.3, 6.8.6 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| protobufjs | lt | 6.8.6 | |
| protobufjs | lt | 5.0.3 | |
| protobufjs | ge | 6.0.0 |
Related
cvelist
cvelist
CVE-2018-3738
2018-04-26 00:00:00
hackerone
hackerone
prion
prion
Code injection
2018-06-07 02:29:00
nvd
nvd
CVE-2018-3738
2018-06-07 02:29:08
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2018-04-03 04:54:20
cve
cve
CVE-2018-3738
2018-06-07 02:29:08
osv
osv
CVE-2018-3738
2018-06-07 02:29:08
github
github
Denial of Service in protobufjs
2018-10-09 00:27:15