PT-2023-3201 · Unknown+8 · Protobuf-C+8

Bowlofeggs

Published

2022-07-12

Updated

2026-02-24

CVE-2022-48468

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions protobuf-c versions prior to 1.4.1

Description The issue is related to an unsigned integer overflow in the parse required member() function of the protobuf-c protocol serialization data. This can be exploited by a remote attacker to execute arbitrary code, potentially leading to full system compromise.

Recommendations For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the parse required member() function until a patch is available.

Fix

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2023:6621

ALSA-2023:6944

ALT-PU-2022-2228

AZL-26159

BDU:2023-03313

CESA-2023_6944

CVE-2022-48468

INFSA-2023_6621

OESA-2023-1255

OESA-2023-1256

OPENSUSE-SU-2024:12885-1

OPENSUSE-SU-2026:10244-1

RHSA-2023:6621

RHSA-2023:6944

RHSA-2023_6621

RHSA-2023_6944

RHSA-2024:0406

RHSA-2024:3812

ROSA-SA-2024-2397

SUSE-SU-2023:1979-1

SUSE-SU-2023:2143-1

SUSE-SU-2023_1979-1

SUSE-SU-2023_2143-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Red Hat

Red Os

Suse

Protobuf-C

PT-2023-3201 · Unknown+8 · Protobuf-C+8

CVE-2022-48468

Weakness Enumeration

Related Identifiers

Affected Products

References · 50