Source |
Vuln GCP |
Identifier |
8296083 |
Publication date |
2022-12-21 17:12:56 (seen: 2022-12-30 21:12:37) |
Title |
GCP-2022-019 |
Text |
Published: 2022-09-22
Description: A message parsing and memory management vulnerability in ProtocolBuffer's C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message. This could lead to a denial of service (DoS) on services using the libraries.
What should I do? Ensure that you're using the latest versions of the following software packages:
protobuf-cpp (3.18.3, 3.19.5, 3.20.2, 3.21.6)
protobuf-python (3.18.3, 3.19.5, 3.20.2, 4.21.6)
What vulnerabilities are addressed by this patch? The patch mitigates the following vulnerability: A specially constructed small message that causes the running service to allocate large amounts of RAM. The small size of the request means that it is easy to take advantage of the vulnerability and exhaust resources. C++ and Python systems that consume untrusted protobufs would be vulnerable to DoS attacks if they contain a MessageSet object in their RPC request.
Severity: Medium
Notes: CVE-2022-1941
|
Rating |
★★★
|
Sent |
Yes |
Tags |
Vulnerability
Guideline
|