Vulnerability	Vulnerable Version
M Denial of Service (DoS) protobuf is a Google’s data interchange format Affected versions of this package are vulnerable to Denial of Service (DoS) via the `MessageSet` type, by allowing an attacker to send specially crafted message with multiple key-value per elements, therefore creating parsing issues against services which receive unsanitized input. How to fix Denial of Service (DoS)? Upgrade `protobuf` to version 3.18.3, 3.19.5, 3.20.2, 4.21.6 or higher.	[,3.18.3)[3.19.0rc1,3.19.5)[3.20.0rc1,3.20.2)[4.0.0rc1,4.21.6)
H Integer Overflow protobuf is a Google’s data interchange format Affected versions of this package are vulnerable to Integer Overflow by allowing remote authenticated attackers to cause a heap-based buffer overflow in serialisation process. How to fix Integer Overflow? Upgrade `protobuf` to version 3.4.0 or higher.	[,3.4.0)

Denial of Service (DoS)

protobuf is a Google’s data interchange format

Affected versions of this package are vulnerable to Denial of Service (DoS) via the MessageSet type, by allowing an attacker to send specially crafted message with multiple key-value per elements, therefore creating parsing issues against services which receive unsanitized input.

How to fix Denial of Service (DoS)?

Upgrade protobuf to version 3.18.3, 3.19.5, 3.20.2, 4.21.6 or higher.

[,3.18.3)[3.19.0rc1,3.19.5)[3.20.0rc1,3.20.2)[4.0.0rc1,4.21.6)

Integer Overflow

protobuf is a Google’s data interchange format

Affected versions of this package are vulnerable to Integer Overflow by allowing remote authenticated attackers to cause a heap-based buffer overflow in serialisation process.

How to fix Integer Overflow?

Upgrade protobuf to version 3.4.0 or higher.

[,3.4.0)

Go back to all versions of this package