Release | Version |
---|---|
jessie | 2.6.1-1+deb8u1 |
stretch | 3.0.0-9+deb9u1 |
buster | 3.6.1.3-2+deb10u1 |
bullseye | 3.12.4-1+deb11u1 |
bookworm | 3.21.12-3 |
trixie | 3.21.12-10 |
sid | 3.21.12-10 |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2024-7254 | fixed | fixed | fixed | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable | vulnerable | Any project that parses untrusted Protocol Buffers datacontaining an a ... |
CVE-2022-3510 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ... |
CVE-2022-3509 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A parsing issue similar to CVE-2022-3171, but with textformat in proto ... |
CVE-2022-3171 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A parsing issue with binary data in protobuf-java core and lite versio ... |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2015-5237 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | protobuf allows remote authenticated attackers to cause a heap-based b ... |
Bug | Description |
---|---|
CVE-2024-2410 | The JsonToBinaryStream()function is part of the protocol buffers C++ i ... |
CVE-2022-1941 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers ... |
CVE-2021-22570 | Nullptr dereference when a null char is present in a proto symbol. The ... |
CVE-2021-22569 | An issue in protobuf-java allowed the interleaving of com.google.proto ... |
DSA / DLA | Description |
---|---|
ELA-836-1 | protobuf - security update |
DLA-3393-1 | protobuf - security update |