An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1odzdjLTNyZmctcDQ2as4AAyHf

Severity: High
EPSS: 0.00276% (0.50652 percentile)

google.golang.org/protobuf vulnerable to panic leading to denial of service

Affected Packages: go:google.golang.org/protobuf
Affected Versions: >= 1.29.0, < 1.29.1
Fixed Versions: 1.29.1
Dependent packages: 86,079
Dependent repositories: 148,671

Affected Version Ranges

All affected versions

1.29.0

All unaffected versions

1.20.0, 1.20.1, 1.21.0, 1.22.0, 1.23.0, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.27.1, 1.28.0, 1.28.1, 1.29.1, 1.30.0, 1.31.0, 1.32.0, 1.33.0, 1.34.0, 1.34.1, 1.34.2, 1.35.0, 1.35.1, 1.35.2, 1.36.0, 1.36.1, 1.36.2, 1.36.3, 1.36.4, 1.36.5, 1.36.6

Parsing invalid messages can panic.

Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

References: