Headline

CVE-2022-48468: unsigned integer overflow · Issue #499 · protobuf-c/protobuf-c

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.

1 year ago

Bug: len - pref_len will cause integer overlow.
Sugested fix below:

diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
index ad1bdb1…fe5ae91 100644
— a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
@@ -2604,10 +2604,13 @@ parse_required_member(ScannedMember *scanned_member,
return FALSE;

            def_mess = scanned_member->field->default_value;

            subm = protobuf_c_message_unpack(scanned_member->field->descriptor,

                    subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
                                             allocator,
                                             len - pref_len,
                                             data + pref_len);

                    subm = NULL;
  
            if (maybe_clear &&
                *pmessage != NULL &&

Gentoo Linux Security Advisory 202408-33 - Multiple vulnerabilities have been discovered in protobuf-c, the worst of which could result in denial of service. Versions greater than or equal to 1.4.1 are affected.

3 months ago

Packet Storm

Open in Source

#vulnerability #web #mac #linux #dos