Bug 2477083 (CVE-2026-44288)
| Summary: | CVE-2026-44288 protobufjs: protobufjs: Security control bypass due to improper handling of overlong UTF-8 sequences | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abarbaro, abuckta, alizardo, amctagga, aoconnor, bbrownin, bniver, caswilli, cdrage, dkuc, dschmidt, erezende, flucifre, gmeno, groman, jchui, jhe, jkoehler, jlanda, jwong, kaycoth, kshier, ktsao, lchilton, lphiri, manissin, mbenjamin, mhackett, mstipich, nboldt, oaljalju, omaciel, orabin, psrna, rexwhite, rhel-process-autobot, rushinde, sfeifer, simaishi, smcdonal, sostapov, stcannon, sthirugn, teagle, ttakamiy, vereddy, watson-tool-maintainers, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in protobufjs, a library that compiles protobuf definitions into JavaScript functions. An attacker who can provide specially crafted protobuf binary data containing overlong UTF-8 (Unicode Transformation Format - 8-bit) byte sequences may be able to bypass application-level checks. This occurs because the minimal UTF-8 decoder in protobufjs incorrectly decodes these sequences to their canonical characters instead of rejecting them. This could lead to unexpected data interpretation and potentially allow an attacker to circumvent security controls.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2487454, 2487455, 2487456, 2487457, 2487458, 2487459 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-05-13 16:03:10 UTC
|