Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XGoogle Protobuf
APPGoogle< 3.25.54.0.0 – 4.27.5 (bez)4.28.0 – 4.28.2 (bez)Google Protobuf Java
APPGoogle< 3.25.54.0.0 – 4.27.5 (bez)4.28.0 – 4.28.2 (bez)Google Protobuf Javalite
APPGoogle< 3.25.54.0.0 – 4.27.5 (bez)4.28.0 – 4.28.2 (bez)Google Protobuf Kotlin
APPGoogle< 3.25.54.0.0 – 4.27.5 (bez)4.28.0 – 4.28.2 (bez)Google Protobuf Kotlin Lite
APPGoogle< 3.25.54.0.0 – 4.27.5 (bez)4.28.0 – 4.28.2Netapp Active Iq Unified Manager
APPNetappwszystkie wersjeNetapp Bluexp
APPNetappwszystkie wersjeNetapp Ontap Tools
APPNetapp10
Related vulnerabilities
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4
Apache Avro Java SDK — RCE przez niebezpieczną deserializację schematu
SSRF w Apache CXF przez Aegis DataBinding — ataki na usługi webowe
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass a...