INFSA-2025:7138: protobuf security update
Information about definition
Identificator: INFSA-2025:7138
Type: security
Release date: 2025-06-10 08:39:55 UTC
Information about package
The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.
Vulnerabilities description
- CVE-2022-1941
A parsing vulnerability for the MessageSet type in the ProtocolBuffers can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2022-1941
|
no information | 6.5 | no information |
Updated packages