libprotobuf-c.so is vulnerable to Integer Overflow. The vulnerability exists in the parse_required_member
function of protobuf-c.c
, because the method does not check if the len
>= pref_len
which will result in an integer overflow, possibly leading to Denial of Service.
CPE | Name | Operator | Version |
---|---|---|---|
libprotobuf-c.so | le | 1.0.0 | |
libprotobuf-c.so | le | 1.0.0 |
github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
github.com/protobuf-c/protobuf-c/issues/499
github.com/protobuf-c/protobuf-c/pull/513
github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/
lists.fedoraproject.org/archives/list/[email protected]/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/
lists.fedoraproject.org/archives/list/[email protected]/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/
lists.fedoraproject.org/archives/list/[email protected]/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/