AVG-2826 log
| Package | protobuf-c |
| Status | Fixed |
| Severity | Medium |
| Type | denial of service |
| Affected | 1.4.0-4 |
| Fixed | 1.4.1-1 |
| Current | 1.5.0-2 [extra] |
| Ticket | None |
| Created | Sun Feb 19 12:28:21 2023 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-33070 | Medium | Yes | Denial of service | invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c |
| References |
|---|
https://github.com/protobuf-c/protobuf-c/issues/506 https://github.com/protobuf-c/protobuf-c/pull/508 |