Bug 2102598 (CVE-2022-33070) - CVE-2022-33070 protobuf-c: invalid arithmetic shift via the function parse_tag_and_wiretype may lead to DoS
Status: NEW
Alias: CVE-2022-33070
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 2102599 2102961 2102962
Blocks: 2102600
Reported: 2022-06-30 10:13 UTC by Marian Rehak
Modified: 2022-08-30 12:14 UTC

Fixed In Version:
Doc Text:
A flaw was found in protobuf-c. The issue occurs due to an invalid arithmetic shift in the parse_tag_and_wiretype function in protobuf-c/protobuf-c.c. This flaw allows attackers to cause a denial of service (DoS) via unspecified vectors.

Description Marian Rehak 2022-06-30 10:13:40 UTC
An invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Reference:

https://github.com/protobuf-c/protobuf-c/pull/508
https://github.com/protobuf-c/protobuf-c/issues/506

Comment 1 Marian Rehak 2022-06-30 10:13:54 UTC
Created protobuf-c tracking bugs for this issue:

Affects: fedora-all [bug 2102599]

