Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/google/protobuf@4.33.6

Type composer

Namespace google

Name protobuf

Version 4.33.6

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3y78-ax9a-17e7

vulnerability_id VCID-3y78-ax9a-17e7

summary

Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion
### Impact
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative `varint`s or deep recursion—can be used to crash the application, impacting service availability.

### Patches
Patches have been released to 5.34.0-RC1 and 4.33.6.

references

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/commit/60e93d2d104f2af9cd345b1c6f3891d91430244a

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/commit/60e93d2d104f2af9cd345b1c6f3891d91430244a

reference_url

https://github.com/protocolbuffers/protobuf/commit/c8e9b27d95c6ab2d0668b5889e7dac2c477b7038

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/commit/c8e9b27d95c6ab2d0668b5889e7dac2c477b7038

reference_url

https://github.com/protocolbuffers/protobuf/issues/24159

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/issues/24159

reference_url

https://github.com/protocolbuffers/protobuf/issues/25067

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/issues/25067

reference_url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-p2gh-cfq4-4wjc

reference_url

https://github.com/advisories/GHSA-p2gh-cfq4-4wjc

reference_id

GHSA-p2gh-cfq4-4wjc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p2gh-cfq4-4wjc

fixed_packages

url	pkg:composer/google/protobuf@4.33.6
purl	pkg:composer/google/protobuf@4.33.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/google/protobuf@4.33.6

aliases GHSA-p2gh-cfq4-4wjc

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3y78-ax9a-17e7

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/google/protobuf@4.33.6

Package Instance