protobuf@4.21.5 vulnerabilities

latest version

5.27.0
latest non vulnerable version

5.27.0
first published

16 years ago
latest version published

10 days ago
licenses detected
- BSD-3-Clause
  [2.0.3,4.21.0rc1); [4.21.1,)
View protobuf package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the protobuf package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Denial of Service (DoS) protobuf is a Google’s data interchange format Affected versions of this package are vulnerable to Denial of Service (DoS) via the `MessageSet` type, by allowing an attacker to send specially crafted message with multiple key-value per elements, therefore creating parsing issues against services which receive unsanitized input. How to fix Denial of Service (DoS)? Upgrade `protobuf` to version 3.18.3, 3.19.5, 3.20.2, 4.21.6 or higher.	[,3.18.3) [3.19.0rc1,3.19.5) [3.20.0rc1,3.20.2) [4.0.0rc1,4.21.6)

Denial of Service (DoS)

protobuf is a Google’s data interchange format

Affected versions of this package are vulnerable to Denial of Service (DoS) via the MessageSet type, by allowing an attacker to send specially crafted message with multiple key-value per elements, therefore creating parsing issues against services which receive unsanitized input.

How to fix Denial of Service (DoS)?

Upgrade protobuf to version 3.18.3, 3.19.5, 3.20.2, 4.21.6 or higher.

[,3.18.3) [3.19.0rc1,3.19.5) [3.20.0rc1,3.20.2) [4.0.0rc1,4.21.6)

Go back to all versions of this package

protobuf@4.21.5 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities