Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1odzdjLTNyZmctcDQ2as4AAyHf

High EPSS: 0.00276% (0.50652 Percentile) EPSS:
Permalink JSON

google.golang.org/protobuf vulnerable to panic leading to denial of service

Affected Packages Affected Versions Fixed Versions
go:google.golang.org/protobuf >= 1.29.0, < 1.29.1 1.29.1
86,079 Dependent packages
148,671 Dependent repositories

Affected Version Ranges

All affected versions

1.29.0

All unaffected versions

1.20.0, 1.20.1, 1.21.0, 1.22.0, 1.23.0, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.27.1, 1.28.0, 1.28.1, 1.29.1, 1.30.0, 1.31.0, 1.32.0, 1.33.0, 1.34.0, 1.34.1, 1.34.2, 1.35.0, 1.35.1, 1.35.2, 1.36.0, 1.36.1, 1.36.2, 1.36.3, 1.36.4, 1.36.5, 1.36.6

Parsing invalid messages can panic.

Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

References:

Identifiers

GHSA-hw7c-3rfg-p46j

CVE-2023-24535

Risk

Severity

High

EPSS

EPSS Percentage: 0.00276

EPSS Percentile: 0.50652

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/golang/protobuf

Date and time

Published

over 2 years ago

Updated

about 1 year ago

API

JSON