Information on source package protobuf

Available versions

ReleaseVersion
jessie2.6.1-1+deb8u1
stretch3.0.0-9+deb9u1
buster3.6.1.3-2+deb10u1
bullseye3.12.4-1+deb11u1
bookworm3.21.12-3
trixie3.21.12-10
sid3.21.12-10

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-7254fixedfixedfixedvulnerable (no DSA, postponed)vulnerable (no DSA)vulnerablevulnerableAny project that parses untrusted Protocol Buffers datacontaining an a ...
CVE-2022-3510vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedA parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...
CVE-2022-3509vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedA parsing issue similar to CVE-2022-3171, but with textformat in proto ...
CVE-2022-3171vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedA parsing issue with binary data in protobuf-java core and lite versio ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2015-5237vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableprotobuf allows remote authenticated attackers to cause a heap-based b ...

Resolved issues

BugDescription
CVE-2024-2410The JsonToBinaryStream()function is part of the protocol buffers C++ i ...
CVE-2022-1941A parsing vulnerability for the MessageSet type in the ProtocolBuffers ...
CVE-2021-22570Nullptr dereference when a null char is present in a proto symbol. The ...
CVE-2021-22569An issue in protobuf-java allowed the interleaving of com.google.proto ...

Security announcements

DSA / DLADescription
ELA-836-1protobuf - security update
DLA-3393-1protobuf - security update

Search for package or bug name: Reporting problems