PT-2018-16161 · Protobufjs · Protobufjs

Chalker +1 · Published 2018-06-07 · Updated 2023-01-30 · CVE-2018-3738

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
protobufjs versions prior to 5.0.3
protobufjs versions prior to 6.8.6

Description
The issue is a regular expression denial of service (ReDoS) that can be triggered when parsing crafted invalid .proto files.

Recommendations
Update to version 5.0.3 or later.
Update to version 6.8.6 or later.

Exploit

Fix

Allocation of Resources Without Limits

DoS

Weakness Enumeration

Related Identifiers

CVE-2018-3738
GHSA-762F-C2WG-M8C8

Affected Products

Protobufjs