ALT-PU-2024-12047-3
Package protobuf-c updated to version 1.5.0-alt1 for branch c10f2 in task 356812.
Closed vulnerabilities
Published: 2023-04-13
BDU:2023-03313
Уязвимость функции parse_required_member() протокола сериализации данных protobuf-c, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код и привести систему к полной компрометации
Severity: HIGH (7.3)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2023-04-14
Modified: 2025-02-07
Modified: 2025-02-07
CVE-2022-48468
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
- https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
- https://github.com/protobuf-c/protobuf-c/issues/499
- https://github.com/protobuf-c/protobuf-c/issues/499
- https://github.com/protobuf-c/protobuf-c/pull/513
- https://github.com/protobuf-c/protobuf-c/pull/513
- https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
- https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1
- FEDORA-2023-4e094d5297
- FEDORA-2023-4e094d5297
- FEDORA-2023-8b0938312e
- FEDORA-2023-8b0938312e
- FEDORA-2023-6cfe134db6
- FEDORA-2023-6cfe134db6