CVE Vulnerabilities

CVE-2022-33070

Published: Jun 23, 2022 | Modified: Nov 07, 2023
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
3.1 LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Protobuf-c Protobuf-c_project 1.4.0 (including) 1.4.0 (including)
Argyll Ubuntu bionic *
Argyll Ubuntu impish *
Argyll Ubuntu kinetic *
Argyll Ubuntu lunar *
Argyll Ubuntu mantic *
Ccextractor Ubuntu impish *
Libgadu Ubuntu bionic *
Libgadu Ubuntu impish *
Libgadu Ubuntu kinetic *
Libgadu Ubuntu lunar *
Libgadu Ubuntu mantic *
Libgadu Ubuntu trusty *
Libgadu Ubuntu xenial *
Libpg-query Ubuntu kinetic *
Libpg-query Ubuntu lunar *
Libpg-query Ubuntu mantic *
Libsignal-protocol-c Ubuntu bionic *
Libsignal-protocol-c Ubuntu impish *
Libsignal-protocol-c Ubuntu kinetic *
Libsignal-protocol-c Ubuntu lunar *
Libsignal-protocol-c Ubuntu mantic *
Ocserv Ubuntu bionic *
Ocserv Ubuntu impish *
Ocserv Ubuntu kinetic *
Ocserv Ubuntu lunar *
Ocserv Ubuntu mantic *
Pidgin Ubuntu bionic *
Pidgin Ubuntu impish *
Pidgin Ubuntu kinetic *
Pidgin Ubuntu lunar *
Pidgin Ubuntu mantic *
Pidgin Ubuntu trusty *
Pidgin Ubuntu trusty/esm *
Pidgin Ubuntu xenial *
Protobuf-c Ubuntu bionic *
Protobuf-c Ubuntu devel *
Protobuf-c Ubuntu focal *
Protobuf-c Ubuntu impish *
Protobuf-c Ubuntu jammy *
Protobuf-c Ubuntu kinetic *
Protobuf-c Ubuntu lunar *
Protobuf-c Ubuntu mantic *
Protobuf-c Ubuntu noble *
Protobuf-c Ubuntu oracular *
Protobuf-c Ubuntu trusty/esm *
Sudo Ubuntu impish *
Sudo Ubuntu jammy *

References