Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/google/protobuf@4.33.6
purl pkg:composer/google/protobuf@4.33.6
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-3y78-ax9a-17e7 Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion ### Impact A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative `varint`s or deep recursion—can be used to crash the application, impacting service availability. ### Patches Patches have been released to 5.34.0-RC1 and 4.33.6. GHSA-p2gh-cfq4-4wjc

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-26T02:32:09.265628+00:00 GitLab Importer Fixing VCID-3y78-ax9a-17e7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/google/protobuf/GHSA-p2gh-cfq4-4wjc.yml 38.4.0
2026-04-02T17:01:24.436674+00:00 GHSA Importer Fixing VCID-3y78-ax9a-17e7 https://github.com/advisories/GHSA-p2gh-cfq4-4wjc 38.1.0
2026-04-01T12:53:19.068578+00:00 GithubOSV Importer Fixing VCID-3y78-ax9a-17e7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-p2gh-cfq4-4wjc/GHSA-p2gh-cfq4-4wjc.json 38.0.0