CVE-2022-33070 (https://github.com/protobuf-c/protobuf-c/pull/508):
https://github.com/protobuf-c/protobuf-c/issues/506

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ef86ad77ac20061ad417f415498bd98573fa5ec

commit 6ef86ad77ac20061ad417f415498bd98573fa5ec
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-07-11 02:01:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-07-11 02:01:40 +0000

    dev-libs/protobuf-c: add 1.4.1

    Bug: https://bugs.gentoo.org/856043
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/protobuf-c/Manifest                |  1 +
 dev-libs/protobuf-c/protobuf-c-1.4.1.ebuild | 53 +++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a0da025e092e7afa71e7f4671f3b1868819a61da

commit a0da025e092e7afa71e7f4671f3b1868819a61da
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-12 09:21:36 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-12 09:21:52 +0000

    [ GLSA 202408-33 ] protobuf-c: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/856043
    Bug: https://bugs.gentoo.org/904423
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-33.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)