Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-3121 (GCVE-0-2021-3121)
Vulnerability from cvelistv5 – Published: 2021-01-11 05:57 – Updated: 2024-08-03 16:45
VLAI?
EPSS
Summary
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-18T05:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"refsource": "MISC",
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"name": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
"refsource": "MISC",
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210219-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3121",
"datePublished": "2021-01-11T05:57:18.000Z",
"dateReserved": "2021-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T16:45:51.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2021-3121
Vulnerability from fkie_nvd - Published: 2021-01-11 06:15 - Updated: 2024-11-21 06:20
Severity ?
Summary
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:protobuf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F29C1D9-5DC9-4075-BE27-D72F9F69F95B",
"versionEndExcluding": "1.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"matchCriteriaId": "3CFEFC70-871E-4DC3-B23E-E7AFBE7106C1",
"versionEndExcluding": "1.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D8536B85-06DD-4498-BFB5-C729CF5346C6",
"versionEndExcluding": "1.8.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"matchCriteriaId": "EA1C73D1-3A32-488A-B5EC-7BDFA7DBD417",
"versionEndExcluding": "1.9.9",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "4EA73576-AADE-4142-8617-937F9E5A32F8",
"versionEndExcluding": "1.9.9",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"matchCriteriaId": "19BE17DA-3808-42DD-817A-B43CE7619281",
"versionEndExcluding": "1.10.2",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "AE470E84-7E0A-4EFC-91CF-A297C1C3D4FC",
"versionEndExcluding": "1.10.2",
"versionStartIncluding": "1.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en GoGo Protobuf versiones anteriores a 1.3.2.\u0026#xa0;El archivo plugin/unmarshal/unmarshal.go carece de determinada comprobaci\u00f3n de \u00edndice, tambi\u00e9n se conoce como el problema \"skippy peanut butter\""
}
],
"id": "CVE-2021-3121",
"lastModified": "2024-11-21T06:20:55.957",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-11T06:15:13.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2021-3121
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-3121",
"description": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"id": "GSD-2021-3121",
"references": [
"https://www.suse.com/security/cve/CVE-2021-3121.html",
"https://access.redhat.com/errata/RHSA-2022:0283",
"https://access.redhat.com/errata/RHSA-2021:4104",
"https://access.redhat.com/errata/RHBA-2021:3760",
"https://access.redhat.com/errata/RHSA-2021:3759",
"https://access.redhat.com/errata/RHSA-2021:3303",
"https://access.redhat.com/errata/RHSA-2021:3262",
"https://access.redhat.com/errata/RHSA-2021:3259",
"https://access.redhat.com/errata/RHSA-2021:2977",
"https://access.redhat.com/errata/RHSA-2021:2920",
"https://access.redhat.com/errata/RHSA-2021:2438",
"https://access.redhat.com/errata/RHSA-2021:2437",
"https://access.redhat.com/errata/RHSA-2021:2374",
"https://access.redhat.com/errata/RHSA-2021:2286",
"https://access.redhat.com/errata/RHSA-2021:2136",
"https://access.redhat.com/errata/RHSA-2021:2121",
"https://access.redhat.com/errata/RHSA-2021:1563",
"https://access.redhat.com/errata/RHSA-2021:1552",
"https://access.redhat.com/errata/RHBA-2021:1365",
"https://access.redhat.com/errata/RHSA-2021:1227",
"https://access.redhat.com/errata/RHSA-2021:1225",
"https://access.redhat.com/errata/RHSA-2021:1007",
"https://access.redhat.com/errata/RHSA-2021:1006",
"https://access.redhat.com/errata/RHSA-2021:1005",
"https://access.redhat.com/errata/RHSA-2021:0799",
"https://access.redhat.com/errata/RHSA-2021:0719",
"https://access.redhat.com/errata/RHSA-2021:0607",
"https://access.redhat.com/errata/RHSA-2020:5635",
"https://access.redhat.com/errata/RHSA-2020:5634",
"https://access.redhat.com/errata/RHSA-2020:5633",
"https://access.redhat.com/errata/RHSA-2022:0056",
"https://access.redhat.com/errata/RHSA-2022:0577",
"https://access.redhat.com/errata/RHSA-2022:1276",
"https://access.redhat.com/errata/RHSA-2022:1679",
"https://access.redhat.com/errata/RHSA-2022:6536",
"https://access.redhat.com/errata/RHSA-2022:6916"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-3121"
],
"details": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"id": "GSD-2021-3121",
"modified": "2023-12-13T01:23:35.291459Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"refsource": "MISC",
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"name": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
"refsource": "MISC",
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210219-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
"refsource": "MISC",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003cv1.3.2",
"affected_versions": "All versions before 1.3.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-129",
"CWE-937"
],
"date": "2022-03-29",
"description": "An issue was discovered in GoGo Protobuf before 1.3.2. The file `plugin/unmarshal/unmarshal.go` lacks certain index validation, aka the `skippy peanut butter` issue.",
"fixed_versions": [
"v1.3.2"
],
"identifier": "CVE-2021-3121",
"identifiers": [
"GHSA-c3h9-896r-86jm",
"CVE-2021-3121"
],
"not_impacted": "All versions starting from 1.3.2",
"package_slug": "go/github.com/gogo/protobuf",
"pubdate": "2022-03-28",
"solution": "Upgrade to version 1.3.2 or above.",
"title": "Improper Validation of Array Index",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
"https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E",
"https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210219-0006/",
"https://github.com/advisories/GHSA-c3h9-896r-86jm"
],
"uuid": "3cd1f84d-7102-40b0-a281-7ed4980a236a",
"versions": [
{
"commit": {
"sha": "b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"tags": [
"v1.3.2"
],
"timestamp": "20210110080147"
},
"number": "v1.3.2"
}
]
},
{
"affected_range": "\u003cv1.3.2",
"affected_versions": "All versions before 1.3.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-129",
"CWE-937"
],
"date": "2023-02-09",
"description": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"fixed_versions": [
"v1.3.2"
],
"identifier": "CVE-2021-3121",
"identifiers": [
"GHSA-c3h9-896r-86jm",
"CVE-2021-3121"
],
"not_impacted": "All versions starting from 1.3.2",
"package_slug": "go/github.com/gogo/protobuf/plugin/unmarshal",
"pubdate": "2022-03-28",
"solution": "Upgrade to version 1.3.2 or above.",
"title": "Improper Validation of Array Index",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
"https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E",
"https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210219-0006/",
"https://pkg.go.dev/vuln/GO-2021-0053",
"https://github.com/advisories/GHSA-c3h9-896r-86jm"
],
"uuid": "70af9ed3-3d82-4a5f-8669-c1fb49bc060c",
"versions": [
{
"commit": {
"sha": "b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"tags": [
"v1.3.2"
],
"timestamp": "20210110080147"
},
"number": "v1.3.2"
}
]
},
{
"affected_range": "\u003cv1.3.2",
"affected_versions": "All versions before 1.3.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-129",
"CWE-937"
],
"date": "2022-04-01",
"description": "An issue was discovered in GoGo Protobuf `plugin/unmarshal/unmarshal.go` lacks certain index validation.",
"fixed_versions": [
"v1.3.2"
],
"identifier": "CVE-2021-3121",
"identifiers": [
"CVE-2021-3121"
],
"not_impacted": "",
"package_slug": "go/github.com/gogo/protobuf/protoc-gen-gofast",
"pubdate": "2021-01-11",
"solution": "Upgrade to version 1.3.2 or above.",
"title": "Improper Validation of Array Index",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
],
"uuid": "b400f995-0b82-42f4-bd61-d912abb9f025",
"versions": [
{
"commit": {
"sha": "b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"tags": [
"v1.3.2"
],
"timestamp": "20210110080147"
},
"number": "v1.3.2"
}
]
},
{
"affected_range": "\u003cv1.3.2",
"affected_versions": "All versions before 1.3.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-129",
"CWE-937"
],
"date": "2023-02-09",
"description": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"fixed_versions": [
"v1.3.2"
],
"identifier": "CVE-2021-3121",
"identifiers": [
"GHSA-c3h9-896r-86jm",
"CVE-2021-3121"
],
"not_impacted": "All versions starting from 1.3.2",
"package_slug": "go/github.com/gogo/protobuf/test",
"pubdate": "2022-03-28",
"solution": "Upgrade to version 1.3.2 or above.",
"title": "Improper Validation of Array Index",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
"https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E",
"https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210219-0006/",
"https://pkg.go.dev/vuln/GO-2021-0053",
"https://github.com/advisories/GHSA-c3h9-896r-86jm"
],
"uuid": "5fd840a6-ae6c-4049-b380-e5d34a76a2c2",
"versions": [
{
"commit": {
"sha": "b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"tags": [
"v1.3.2"
],
"timestamp": "20210110080147"
},
"number": "v1.3.2"
}
]
},
{
"affected_range": "\u003cv1.3.2",
"affected_versions": "All versions before 1.3.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-129",
"CWE-937"
],
"date": "2023-02-09",
"description": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"fixed_versions": [
"v1.3.2"
],
"identifier": "CVE-2021-3121",
"identifiers": [
"GHSA-c3h9-896r-86jm",
"CVE-2021-3121"
],
"not_impacted": "All versions starting from 1.3.2",
"package_slug": "go/github.com/gogo/protobuf/types",
"pubdate": "2022-03-28",
"solution": "Upgrade to version 1.3.2 or above.",
"title": "Improper Validation of Array Index",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
"https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E",
"https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210219-0006/",
"https://pkg.go.dev/vuln/GO-2021-0053",
"https://github.com/advisories/GHSA-c3h9-896r-86jm"
],
"uuid": "ac094f3f-197e-4deb-bc26-b827e9f6527e",
"versions": [
{
"commit": {
"sha": "b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"tags": [
"v1.3.2"
],
"timestamp": "20210110080147"
},
"number": "v1.3.2"
}
]
},
{
"affected_range": "\u003cv1.3.2",
"affected_versions": "All versions before 1.3.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-129",
"CWE-937"
],
"date": "2023-02-09",
"description": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"fixed_versions": [
"v1.3.2"
],
"identifier": "CVE-2021-3121",
"identifiers": [
"GHSA-c3h9-896r-86jm",
"CVE-2021-3121"
],
"not_impacted": "All versions starting from 1.3.2",
"package_slug": "go/github.com/gogo/protobuf/vanity/test",
"pubdate": "2022-03-28",
"solution": "Upgrade to version 1.3.2 or above.",
"title": "Improper Validation of Array Index",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3121",
"https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
"https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
"https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E",
"https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210219-0006/",
"https://pkg.go.dev/vuln/GO-2021-0053",
"https://github.com/advisories/GHSA-c3h9-896r-86jm"
],
"uuid": "19cd20cd-f788-4f7e-be9c-a99a6ae236d2",
"versions": [
{
"commit": {
"sha": "b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"tags": [
"v1.3.2"
],
"timestamp": "20210110080147"
},
"number": "v1.3.2"
}
]
},
{
"affected_range": "\u003cv1.8.15 || \u003e=v1.9.0 \u003cv1.9.9 || \u003e=v1.10.0 \u003cv1.10.2",
"affected_versions": "All versions before 1.8.15, all versions starting from 1.9.0 before 1.9.9, all versions starting from 1.10.0 before 1.10.2",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-129",
"CWE-937"
],
"date": "2021-09-14",
"description": "An issue was discovered in GoGo Protobuf `plugin/unmarshal/unmarshal.go` lacks certain index validation, aka the `skippy peanut butter` issue.",
"fixed_versions": [
"v1.8.15",
"v1.9.9",
"v1.10.2"
],
"identifier": "CVE-2021-3121",
"identifiers": [
"CVE-2021-3121"
],
"not_impacted": "All versions starting from 1.8.15 before 1.9.0, all versions starting from 1.9.9 before 1.10.0, all versions starting from 1.10.2",
"package_slug": "go/github.com/hashicorp/consul/acl",
"pubdate": "2021-01-11",
"solution": "Upgrade to versions 1.8.15, 1.9.9, 1.10.2 or above.",
"title": "Improper Validation of Array Index",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
],
"uuid": "231b4e74-78e0-4c9b-8768-91a89abce0d6",
"versions": [
{
"commit": {
"sha": "0e06cada935d33208c080b6a912cb9683f961dee",
"tags": [
"v1.9.0"
],
"timestamp": "20201124190548"
},
"number": "v1.9.0"
},
{
"commit": {
"sha": "286bb61839d159bb9597d68d13f2f63ccd5e7bdd",
"tags": [
"v1.10.0"
],
"timestamp": "20210622172115"
},
"number": "v1.10.0"
},
{
"commit": {
"sha": "8159a14bed92f774437618587fc8b38fe603ade1",
"tags": [
"v1.9.9"
],
"timestamp": "20210827160612"
},
"number": "v1.9.9"
},
{
"commit": {
"sha": "9eccfe0e6126f40cd84f48e1a267861645f9e21b",
"tags": [
"v1.8.15"
],
"timestamp": "20210827162802"
},
"number": "v1.8.15"
},
{
"commit": {
"sha": "8fba564a86d1857c2e91aa0b16939ad2e75aeb62",
"tags": [
"v1.10.2"
],
"timestamp": "20210827194405"
},
"number": "v1.10.2"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:protobuf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.3.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.9.9",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.9.9",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.10.2",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.10.2",
"versionStartIncluding": "1.10.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-3121"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"name": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar-client-go] hrsakai opened a new pull request #446: Upgrade gogo/protobuf to 1.3.2",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210219-0006/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
},
{
"name": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"name": "[skywalking-notifications] 20211018 [GitHub] [skywalking-swck] hanahmily opened a new pull request #37: Fix vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
},
"lastModifiedDate": "2022-04-01T15:41Z",
"publishedDate": "2021-01-11T06:15Z"
}
}
}
GHSA-C3H9-896R-86JM
Vulnerability from github – Published: 2022-03-28 20:28 – Updated: 2022-03-28 20:28
VLAI?
Summary
Improper Input Validation in GoGo Protobuf
Details
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
Severity ?
8.6 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/gogo/protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3121"
],
"database_specific": {
"cwe_ids": [
"CWE-129",
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-28T20:28:00Z",
"nvd_published_at": "2021-01-11T06:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"id": "GHSA-c3h9-896r-86jm",
"modified": "2022-03-28T20:28:00Z",
"published": "2022-03-28T20:28:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
},
{
"type": "WEB",
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"type": "PACKAGE",
"url": "https://github.com/gogo/protobuf"
},
{
"type": "WEB",
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0053"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210219-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper Input Validation in GoGo Protobuf"
}
bit-protobuf-2021-3121
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:02
Modified
2025-04-03 14:40
Summary
Details
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "protobuf",
"purl": "pkg:bitnami/protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-3121"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:golang:protobuf:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"id": "BIT-protobuf-2021-3121",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T11:02:30.475Z",
"references": [
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"type": "WEB",
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"type": "WEB",
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
}
],
"schema_version": "1.5.0"
}
bit-consul-2021-3121
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:53
Modified
2025-04-03 14:40
Summary
Details
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "consul",
"purl": "pkg:bitnami/consul"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.15"
},
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.9"
},
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-3121"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
"cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*"
],
"severity": "High"
},
"details": "An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the \"skippy peanut butter\" issue.",
"id": "BIT-consul-2021-3121",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T10:53:33.669Z",
"references": [
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-23-consul-exposed-to-denial-of-service-in-gogo-protobuf-dependency/29025"
},
{
"type": "WEB",
"url": "https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc"
},
{
"type": "WEB",
"url": "https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210219-0006/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3121"
}
],
"schema_version": "1.5.0"
}
CVE-2021-3121
Vulnerability from fstec - Published: 07.08.2020
VLAI Severity ?
Title
Уязвимость функции библиотеки GoGo Protobuf, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Description
Уязвимость функции в plugin/unmarshal/unmarshal.go библиотеки GoGo Protobuf связана с неверным индексированием массива. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Severity ?
Vendor
Сообщество свободного программного обеспечения, АО "НППКТ", IBM Corp.
Software Name
GoGo Protobuf, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), IBM Robotic Process Automation
Software Version
до 1.3.2 (GoGo Protobuf), до 2.7 (ОСОН ОСнова Оnyx), до 21.0.2.5 (IBM Robotic Process Automation)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2021-3121.html
Для программных продуктов IBM Corp.:
https://www.ibm.com/support/pages/node/6614451
Для ОСОН ОСнова Оnyx (версия 2.7):
Обновление программного обеспечения golang-gogoprotobuf до версии 1.3.2-1
Reference
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-5/
https://nvd.nist.gov/vuln/detail/CVE-2021-3121
https://www.suse.com/security/cve/CVE-2021-3121.html
https://www.ibm.com/support/pages/node/6614451
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
CWE
CWE-129
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", IBM Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.3.2 (GoGo Protobuf), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 21.0.2.5 (IBM Robotic Process Automation)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-3121.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttps://www.ibm.com/support/pages/node/6614451\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.7):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f golang-gogoprotobuf \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.3.2-1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.08.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.09.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-04800",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-3121",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "GoGo Protobuf, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), IBM Robotic Process Automation",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 GoGo Protobuf, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0435 \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043c\u0430\u0441\u0441\u0438\u0432\u0430 (CWE-129)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0432 plugin/unmarshal/unmarshal.go \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 GoGo Protobuf \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043c\u0430\u0441\u0441\u0438\u0432\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-5/\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3121\nhttps://www.suse.com/security/cve/CVE-2021-3121.html\nhttps://www.ibm.com/support/pages/node/6614451\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-129",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}
CERTFR-2025-AVI-0627
Vulnerability from certfr_avis - Published: 2025-07-25 - Updated: 2025-07-25
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Remote Server sans le dernier correctif de sécurité | ||
| IBM | QRadar | Security QRadar Network Threat Analytics versions antérieures à 1.4.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 5.1.2 sur CPD | ||
| IBM | Db2 Query Management Facility | DB2 Query Management Facility versions 13.1.x sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Remote Server sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Network Threat Analytics versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 5.1.2 sur CPD",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 13.1.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Db2 Query Management Facility",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-5629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5629"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2023-44270",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2023-46298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46298"
},
{
"name": "CVE-2025-36097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
},
{
"name": "CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-32305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
}
],
"initial_release_date": "2025-07-25T00:00:00",
"last_revision_date": "2025-07-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240466",
"url": "https://www.ibm.com/support/pages/node/7240466"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240530",
"url": "https://www.ibm.com/support/pages/node/7240530"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240471",
"url": "https://www.ibm.com/support/pages/node/7240471"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240267",
"url": "https://www.ibm.com/support/pages/node/7240267"
},
{
"published_at": "2025-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240474",
"url": "https://www.ibm.com/support/pages/node/7240474"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7240250",
"url": "https://www.ibm.com/support/pages/node/7240250"
}
]
}
CERTFR-2022-AVI-591
Vulnerability from certfr_avis - Published: 2022-06-30 - Updated: 2022-06-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Plus versions antérieures à 10.1.11 | ||
| IBM | Spectrum | IBM Spectrum Protect Client versions antérieures à 8.1.1.15 | ||
| IBM | N/A | IBM® Db2® et Db2 Warehouse® sur Cloud Pak for Data versions antérieures à 4.5.0 | ||
| IBM | Db2 | IBM® Db2® sur Openshift versions antérieures à 11.5.7.0-cn5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Plus versions ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Client versions ant\u00e9rieures \u00e0 8.1.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM\u00ae Db2\u00ae et Db2 Warehouse\u00ae sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM\u00ae Db2\u00ae sur Openshift versions ant\u00e9rieures \u00e0 11.5.7.0-cn5",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-29368",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29368"
},
{
"name": "CVE-2021-20322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
},
{
"name": "CVE-2018-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1099"
},
{
"name": "CVE-2021-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
},
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2019-11249",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11249"
},
{
"name": "CVE-2020-8557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8557"
},
{
"name": "CVE-2020-7919",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7919"
},
{
"name": "CVE-2019-11247",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11247"
},
{
"name": "CVE-2020-28851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
},
{
"name": "CVE-2021-42248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42248"
},
{
"name": "CVE-2018-1002105",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
},
{
"name": "CVE-2021-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
},
{
"name": "CVE-2020-15112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15112"
},
{
"name": "CVE-2021-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
},
{
"name": "CVE-2021-25736",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25736"
},
{
"name": "CVE-2020-27813",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27813"
},
{
"name": "CVE-2018-17848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17848"
},
{
"name": "CVE-2019-16884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16884"
},
{
"name": "CVE-2021-41864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2021-25735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25735"
},
{
"name": "CVE-2017-18367",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18367"
},
{
"name": "CVE-2020-8564",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8564"
},
{
"name": "CVE-2021-20206",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20206"
},
{
"name": "CVE-2019-11246",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11246"
},
{
"name": "CVE-2021-31916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
},
{
"name": "CVE-2020-8565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
},
{
"name": "CVE-2021-27918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
},
{
"name": "CVE-2021-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3635"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2018-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1098"
},
{
"name": "CVE-2021-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28971"
},
{
"name": "CVE-2019-11254",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11254"
},
{
"name": "CVE-2022-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2020-8551",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8551"
},
{
"name": "CVE-2017-1002101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1002101"
},
{
"name": "CVE-2021-4157",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4157"
},
{
"name": "CVE-2020-15106",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15106"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2021-20321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20321"
},
{
"name": "CVE-2018-17142",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17142"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2021-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2020-8552",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8552"
},
{
"name": "CVE-2021-20269",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20269"
},
{
"name": "CVE-2020-8554",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8554"
},
{
"name": "CVE-2019-11252",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11252"
},
{
"name": "CVE-2021-3121",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
},
{
"name": "CVE-2019-11250",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"name": "CVE-2021-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
},
{
"name": "CVE-2020-8559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8559"
},
{
"name": "CVE-2020-10752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10752"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2020-28852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2020-15113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15113"
},
{
"name": "CVE-2020-29652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
},
{
"name": "CVE-2018-17847",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17847"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2020-26160",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-42836",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
},
{
"name": "CVE-2020-8555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8555"
},
{
"name": "CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"name": "CVE-2018-17143",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17143"
},
{
"name": "CVE-2019-11841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11841"
},
{
"name": "CVE-2018-20699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20699"
},
{
"name": "CVE-2021-33194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
},
{
"name": "CVE-2020-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
},
{
"name": "CVE-2021-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
},
{
"name": "CVE-2019-1002101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1002101"
},
{
"name": "CVE-2021-38201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38201"
},
{
"name": "CVE-2021-21781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21781"
},
{
"name": "CVE-2022-0850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0850"
},
{
"name": "CVE-2021-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3538"
},
{
"name": "CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"name": "CVE-2021-25737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25737"
},
{
"name": "CVE-2018-17846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17846"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2021-43565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
},
{
"name": "CVE-2021-25741",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25741"
},
{
"name": "CVE-2018-16886",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16886"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
},
{
"name": "CVE-2020-9283",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
},
{
"name": "CVE-2019-11840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11840"
},
{
"name": "CVE-2019-11251",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11251"
},
{
"name": "CVE-2020-36067",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36067"
}
],
"initial_release_date": "2022-06-30T00:00:00",
"last_revision_date": "2022-06-30T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-591",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6596399 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6596399"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6596971 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6596971"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6599703 du 29 juin 2022",
"url": "https://www.ibm.com/support/pages/node/6599703"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…