PT-2015-3391 · Google+4 · Protobuf+4

Merlimat

Published

2015-08-27

Updated

2024-01-12

CVE-2015-5237

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions protobuf (affected versions not specified)

Description The issue is related to a heap-based buffer overflow that can be caused by remote authenticated attackers. It is associated with an error in handling an integer variable during the compilation of the protobuf library. This can potentially allow a remote attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

ALT-PU-2017-2591

BDU:2021-00232

CVE-2015-5237

ECHO-1CA1-F94C-B75C

GHSA-JWVW-V7C5-M82H

PYSEC-2017-150

PYSEC-2017-65

USN-5769-1

Affected Products

Alt Linux

Astra Linux

Debian

Ubuntu

Protobuf

PT-2015-3391 · Google+4 · Protobuf+4

CVE-2015-5237

Weakness Enumeration

Related Identifiers

Affected Products

References · 86