VulnerableCode Package Details - pkg:deb/debian/golang-google-protobuf@1.28.1-3?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-f8ak-21d8-juff Aliases: CVE-2024-24786 GHSA-8r3f-844c-mc37	Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.	1.33.0-1 Affected by 0 other vulnerabilities. 1.36.5-1 Affected by 0 other vulnerabilities. 1.36.7-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-f8ak-21d8-juff
Aliases:
CVE-2024-24786
GHSA-8r3f-844c-mc37

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

1.33.0-1
Affected by 0 other vulnerabilities.

1.36.5-1
Affected by 0 other vulnerabilities.

1.36.7-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dqyb-2mjv-97dr	google.golang.org/protobuf vulnerable to panic leading to denial of service Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.	CVE-2023-24535 GHSA-hw7c-3rfg-p46j

Vulnerability

Summary

Aliases

VCID-dqyb-2mjv-97dr

google.golang.org/protobuf vulnerable to panic leading to denial of service Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

CVE-2023-24535
GHSA-hw7c-3rfg-p46j

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-02T03:29:36.612093+00:00	Debian Importer	Fixing	VCID-dqyb-2mjv-97dr	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-04-28T13:08:03.095376+00:00	Debian Importer	Affected by	VCID-f8ak-21d8-juff	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:08:25.691451+00:00	Debian Importer	Fixing	VCID-dqyb-2mjv-97dr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:02:18.431406+00:00	Debian Importer	Fixing	VCID-dqyb-2mjv-97dr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:25:47.669150+00:00	Debian Importer	Affected by	VCID-f8ak-21d8-juff	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:47.616800+00:00	Debian Importer	Fixing	VCID-dqyb-2mjv-97dr	https://security-tracker.debian.org/tracker/data/json	38.1.0