Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-33070

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Related bugs and status

CVE-2022-33070 (Candidate) is related to these bugs:

Bug #1956617: [MIR] protobuf-c

		In	Importance	Status
1956617	[MIR] protobuf-c	protobuf-c (Ubuntu)	Undecided	Fix Released
1956617	[MIR] protobuf-c	protobuf-c (Ubuntu Jammy)	Undecided	Fix Released
1956617	[MIR] protobuf-c	protobuf-c (Ubuntu Focal)	Undecided	Fix Committed
1956617	[MIR] protobuf-c	protobuf-c (Ubuntu Kinetic)	Undecided	Fix Released
1956617	[MIR] protobuf-c	OEM Priority Project	High	In Progress

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/pro...
MISC: https://github.com/pro...
FEDORA: FEDORA-2022-3be472fe11