protobuf

vulnerable: 2.0.0beta ... 3.3.0 (25 versions)

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

vulnerable: 2.0.0beta ... 3.9.2 (64 versions)

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly …

vulnerable: 4.21.0 ... 4.21.5 (8 versions)

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, …

vulnerable: 2.0.0beta ... 4.25.7 (153 versions)

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recurs…

vulnerable: 2.0.0beta ... 5.29.5 (184 versions)

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth acco…