CVE-2022-33070 (https://github.com/protobuf-c/protobuf-c/pull/508):
https://github.com/protobuf-c/protobuf-c/issues/506

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ef86ad77ac20061ad417f415498bd98573fa5ec

commit 6ef86ad77ac20061ad417f415498bd98573fa5ec
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-07-11 02:01:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-07-11 02:01:40 +0000

    dev-libs/protobuf-c: add 1.4.1

    Bug: https://bugs.gentoo.org/856043
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/protobuf-c/Manifest                |  1 +
 dev-libs/protobuf-c/protobuf-c-1.4.1.ebuild | 53 +++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)