Lucene search

K

RedosROS-20230619-06

HistoryJun 19, 2023 - 12:00 a.m.

ROS-20230619-06

2023-06-1900:00:00

redos.red-soft.ru

11

vulnerability

protobuf-c

data serialization

integer overflow

remote exploitation

complete compromise

unix

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

Vulnerability in protobuf-c data serialization protocol is related to integer overflow in the function
parse_required_member(). Exploitation of the vulnerability could allow an attacker acting remotely,
to cause a complete compromise of the vulnerable system.

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64protobuf-c<= 1.4.0-2UNKNOWN

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

Related for ROS-20230619-06

cbl_mariner2 openvas19 cvelist1 nessus29 veracode1 osv3 cve1 ubuntucve1 fedora3 redhat18 nvd1 redhatcve1 almalinux2 amazon1 prion1 oraclelinux2 rosalinux2 alpinelinux1 ibm7 debiancve1 photon3