CVE-2022-1941— Out of Memory issue in ProtocolBuffers for cpp and python
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-1941
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Out of Memory issue in ProtocolBuffers for cpp and python
Source: NVD (National Vulnerability Database)
Vulnerability Description
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1286
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google protobuf 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google protobuf是美国谷歌(Google)公司的一种数据交换格式。 Google protobuf protobuf-cpp 和 protobuf-python存在安全漏洞,该漏洞源于在处理特制消息时触发内存不足 (OOM) 故障,从而导致拒绝服务。以下产品及版本受到影响:protobuf-cpp 3.16.1版本及之前版本、3.17.3版本及之前版本、3.18.2版本及之前版本、3.19.4版本及之前版本、3.20.1版本及之前版本、3.21.5版本及之前版本,protobuf-pytho
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Google LLC | protobuf-cpp | unspecified ~ 3.16.1 | - | |
| Google LLC | protobuf-python | unspecified ~ 3.16.1 | - |
II. Public POCs for CVE-2022-1941
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-1941
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Google LLC
- CVE-2022-3095
Incorrect parsing of the backslash characters in Dart librar - CVE-2022-3474
Bazel leaks user credentials through the remote assets API - CVE-2022-3421
Privilege escalation in Google Drive for Desktop on MacOS - CVE-2022-3171
Memory handling vulnerability in ProtocolBuffers Java core a - CVE-2022-1798
Path Traversal vulnerability in Kubevirt
Same weakness: CWE-1286
- CVE-2026-6442
Improper Command Detection Logic Allows RCE in Cortex Code C - CVE-2026-40198
Net::CIDR::Lite versions before 0.23 for Perl does not valid - CVE-2026-33778
Junos OS: SRX Series, MX Series: When a specifically malform - CVE-2026-34835
Rack: `Rack::Request` accepts invalid Host characters, enabl - CVE-2026-20114
Cisco IOS XE Software 安全漏洞
V. Comments for CVE-2022-1941
No comments yet