CVE-2022-48468Integer Overflow or Wraparound in Project Protobuf-c

CWE-190Integer Overflow or Wraparound6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 92.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Protobuf-c Project Protobuf-cDebian Libsignal-protocol-cDebian Protobuf-c+6 more
Timeline
PublishedApr 13

Description

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

debiandebian/protobuf-c< libsignal-protocol-c 2.3.3-3 (bookworm)
Debianprotobuf-c_project/protobuf-c< 1.4.1-1+2

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-g29w-rp5q-p5vq: protobuf-c before 12023-04-13
OSV
CVE-2022-48468: protobuf-c before 12023-04-13

📋Vendor Advisories

3
Red Hat
protobuf-c: unsigned integer overflow in parse_required_member2023-04-13
Microsoft
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.2023-04-11
Debian
CVE-2022-48468: libsignal-protocol-c - protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_membe...2022
CVE-2022-48468 — Integer Overflow or Wraparound | cvebase