Vulnerabilities > CVE-2022-1941

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

google

fedoraproject

debian

NVD

Published: 2022-09-22

Updated: 2024-08-01

Summary

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Protobuf CPP 3.21.0 Google Protobuf CPP 3.21.1 Google Protobuf CPP 3.21.2 Google Protobuf CPP 3.21.3 Google Protobuf CPP 3.21.4 Google Protobuf CPP 3.21.5 Google Protobuf CPP 3.20.0 Google Protobuf CPP 3.20.1 Google Protobuf CPP 3.19.0 Google Protobuf CPP 3.19.1 Google Protobuf CPP 3.19.2 Google Protobuf CPP 3.19.3 Google Protobuf CPP 3.19.4 Google Protobuf CPP - Google Protobuf CPP 2.4.1 Google Protobuf CPP 2.5.0 Google Protobuf CPP 2.6.0 Google Protobuf CPP 2.6.1 Google Protobuf CPP 3.0.0 Google Protobuf CPP 3.0.2 Google Protobuf CPP 3.1.0 Google Protobuf CPP 3.2.0 Google Protobuf CPP 3.2.1 Google Protobuf CPP 3.3.0 Google Protobuf CPP 3.3.1 Google Protobuf CPP 3.3.2 Google Protobuf CPP 3.4.0 Google Protobuf CPP 3.4.1 Google Protobuf CPP 3.5.0 Google Protobuf CPP 3.5.0.1 Google Protobuf CPP 3.5.1 Google Protobuf CPP 3.5.1.1 Google Protobuf CPP 3.5.2 Google Protobuf CPP 3.6.0 Google Protobuf CPP 3.6.0.1 Google Protobuf CPP 3.6.1 Google Protobuf CPP 3.6.1.1 Google Protobuf CPP 3.6.1.2 Google Protobuf CPP 3.6.1.3 Google Protobuf CPP 3.7.0 Google Protobuf CPP 3.7.1 Google Protobuf CPP 3.8.0 Google Protobuf CPP 3.9.0 Google Protobuf CPP 3.9.1 Google Protobuf CPP 3.9.2 Google Protobuf CPP 3.10.0 Google Protobuf CPP 3.10.1 Google Protobuf CPP 3.11.0 Google Protobuf CPP 3.11.1 Google Protobuf CPP 3.11.2 Google Protobuf CPP 3.11.3 Google Protobuf CPP 3.11.4 Google Protobuf CPP 3.12.0 Google Protobuf CPP 3.12.1 Google Protobuf CPP 3.12.2 Google Protobuf CPP 3.12.3 Google Protobuf CPP 3.12.4 Google Protobuf CPP 3.13.0 Google Protobuf CPP 3.13.0.1 Google Protobuf CPP 3.14.0 Google Protobuf CPP 3.15.0 Google Protobuf CPP 3.15.1 Google Protobuf CPP 3.15.2 Google Protobuf CPP 3.15.3 Google Protobuf CPP 3.15.4 Google Protobuf CPP 3.15.5 Google Protobuf CPP 3.15.6 Google Protobuf CPP 3.15.7 Google Protobuf CPP 3.15.8 Google Protobuf CPP 3.16.0 Google Protobuf CPP 3.16.1 Google Protobuf CPP 3.16.2 Google Protobuf CPP 3.17.0 Google Protobuf CPP 3.17.1 Google Protobuf CPP 3.17.2 Google Protobuf CPP 3.17.3 Google Protobuf CPP 3.18.0 Google Protobuf CPP 3.18.1 Google Protobuf CPP 3.18.2 Google Protobuf Python 4.0.0 Google Protobuf Python 4.21.0 Google Protobuf Python 4.21.1 Google Protobuf Python 4.21.2 Google Protobuf Python 4.21.3 Google Protobuf Python 4.21.4 Google Protobuf Python 4.21.5 Google Protobuf Python 3.20.0 Google Protobuf Python 3.20.1 Google Protobuf Python 3.19.0 Google Protobuf Python 3.19.1 Google Protobuf Python 3.19.2 Google Protobuf Python 3.19.3 Google Protobuf Python 3.19.4 Google Protobuf Python - Google Protobuf Python 2.0.0 Google Protobuf Python 2.0.3 Google Protobuf Python 2.3.0 Google Protobuf Python 2.4.1 Google Protobuf Python 2.5.0 Google Protobuf Python 2.6.0 Google Protobuf Python 2.6.1 Google Protobuf Python 3.0.0 Google Protobuf Python 3.1.0 Google Protobuf Python 3.2.0 Google Protobuf Python 3.3.0 Google Protobuf Python 3.4.0 Google Protobuf Python 3.5.1 Google Protobuf Python 3.5.2 Google Protobuf Python 3.6.0 Google Protobuf Python 3.6.1 Google Protobuf Python 3.7.0 Google Protobuf Python 3.7.1 Google Protobuf Python 3.8.0 Google Protobuf Python 3.9.0 Google Protobuf Python 3.9.1 Google Protobuf Python 3.9.2 Google Protobuf Python 3.10.0 Google Protobuf Python 3.11.0 Google Protobuf Python 3.11.1 Google Protobuf Python 3.11.2 Google Protobuf Python 3.11.3 Google Protobuf Python 3.12.0 Google Protobuf Python 3.12.1 Google Protobuf Python 3.12.2 Google Protobuf Python 3.12.4 Google Protobuf Python 3.13.0 Google Protobuf Python 3.14.0 Google Protobuf Python 3.15.0 Google Protobuf Python 3.15.1 Google Protobuf Python 3.15.2 Google Protobuf Python 3.15.3 Google Protobuf Python 3.15.4 Google Protobuf Python 3.15.5 Google Protobuf Python 3.15.6 Google Protobuf Python 3.15.7 Google Protobuf Python 3.15.8 Google Protobuf Python 3.16.0 Google Protobuf Python 3.17.0 Google Protobuf Python 3.17.1 Google Protobuf Python 3.17.2 Google Protobuf Python 3.17.3 Google Protobuf Python 3.18.0 Google Protobuf Python 3.18.1	234
OS	Fedoraproject Fedoraproject Fedora 36 Fedoraproject Fedora 37	2
OS	Debian Debian Debian Linux 10.0	1

Vulnerabilities > CVE-2022-1941 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-1941"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-1941