CVE-2022-48468: unsigned integer overflow · Issue #499 · protobuf-c/protobuf-c
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.
Bug: len - pref_len will cause integer overflow.
Suggested fix below:
diff --git a/protobuf-c/protobuf-c.c b/protobuf-c/protobuf-c.c
index ad1bdb1…fe5ae91 100644
— a/protobuf-c/protobuf-c.c
+++ b/protobuf-c/protobuf-c.c
@@ -2604,10 +2604,13 @@ parse_required_member(ScannedMember *scanned_member,
return FALSE;
def_mess = scanned_member->field->default_value;
subm = protobuf_c_message_unpack(scanned_member->field->descriptor,
subm = protobuf_c_message_unpack(scanned_member->field->descriptor, allocator, len - pref_len, data + pref_len);
subm = NULL; if (maybe_clear && *pmessage != NULL &&
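Review bot: In the `protobuf_c_message_unpack(...)` call, `len - pref_len` and `data + pref_len` are only safe when `pref_len <= len`, and the condition that selects between that call and `subm = NULL;` is not visible in the hunk as shown. Make sure the comparison is written as `len >= pref_len` and evaluated before the subtraction, rather than as a test on the result of `len - pref_len`, which can never be negative for an unsigned type. A short comment on the new branch stating that a NULL `subm` is the failure path for a prefix longer than the field, plus a regression test with such an input, would make the intent clear.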
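The wraparound the report describes, shown beside a checked form, as an added example that is not protobuf-c's code. The struct `scanned_field`, both function names and the sample bytes are assumptions made for illustration; only the names `len`, `pref_len` and `data` come from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a scanned length-delimited field; the names len
 * and pref_len follow the report, the struct itself is an assumption. */
struct scanned_field {
    const uint8_t *data; /* start of the field, length prefix included */
    size_t len;          /* bytes available at data */
    size_t pref_len;     /* bytes claimed by the length prefix */
};

/* Before: unsigned subtraction with no ordering check. If pref_len > len the
 * result wraps modulo SIZE_MAX + 1 and becomes a huge "payload length". */
static size_t payload_len_unchecked(const struct scanned_field *f)
{
    return f->len - f->pref_len;
}

/* After: compare first, then subtract and advance. Returns 1 and fills the
 * outputs on success, 0 if the prefix does not fit inside the field. */
static int payload_checked(const struct scanned_field *f,
                           const uint8_t **payload, size_t *payload_len)
{
    if (f->data == NULL || f->pref_len > f->len)
        return 0;
    *payload = f->data + f->pref_len;
    *payload_len = f->len - f->pref_len;
    return 1;
}

/* Constructed sample input: 1 prefix byte followed by 3 payload bytes. */
static const uint8_t sample[] = { 0x03, 'a', 'b', 'c' };

int main(void)
{
    struct scanned_field ok  = { sample, sizeof sample, 1 };
    struct scanned_field bad = { sample, 0, 1 }; /* prefix longer than field */
    const uint8_t *p = NULL;
    size_t n = 0;
    int ok_rc = payload_checked(&ok, &p, &n);

    printf("ok:  checked=%d payload_len=%zu\n", ok_rc, n);
    printf("bad: unchecked=%zu checked=%d\n",
           payload_len_unchecked(&bad), payload_checked(&bad, &p, &n));
    return 0;
}
```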
Related news
Gentoo Linux Security Advisory 202408-33
Gentoo Linux Security Advisory 202408-33 - Multiple vulnerabilities have been discovered in protobuf-c, the worst of which could result in denial of service. Versions greater than or equal to 1.4.1 are affected.