google.golang.org/protobuf vulnerable to panic leading to denial of service
High severity
GitHub Reviewed
Published
Mar 14, 2023
to the GitHub Advisory Database
•
Updated May 20, 2024
Package
Affected versions
>= 1.29.0, < 1.29.1
Patched versions
1.29.1
Description
Published to the GitHub Advisory Database
Mar 14, 2023
Reviewed
Mar 14, 2023
Published by the National Vulnerability Database
Jun 8, 2023
Last updated
May 20, 2024
Parsing invalid messages can panic.
Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
References