CVE-2015-5237

AST

High

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

CVSS

8.8

High

EPSS

0.05

p91

Published

2015-01-01

Updated

2015-01-01

Description

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

Tags · CWE

RCE

CWE-190

CWE-787

CAPEC-92

Affected products

Libprotobuf-develLibprotobuf-lite-develLibprotobuf14Libprotobuf14-liteProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobufProtobuf

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

2015-01-01

Published

2015-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.051 · p91

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Libprotobuf-devel Libprotobuf-lite-devel Protobuf-compiler Protobuf-java Protobuf-java-util Protobuf-javadoc Protobuf-parent Python3-module-protobuf Libprotobuf14 Libprotobuf14-lite+2

Google

Protobuf

Группа Астра (РусБИТех)

Protobuf

Product	Vendor	Status
libprotobuf-devel		Tracked
libprotobuf-lite-devel		Tracked
libprotobuf14		Tracked
libprotobuf14-lite		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked
protobuf		Tracked

Showing first 20 of 39

Source databases

AST

DEB

CVE

RED

UBU

Related vulnerabilities

BDU:2021-00232