Home > Vulnerability Database > CVE-2022-48468

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2022-48468

Date: April 12, 2023

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.

Language: C++

Severity Score

5.5

Related Resources (14)

Url: https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1

Url: https://github.com/protobuf-c/protobuf-c/issues/499

Url: https://security-tracker.debian.org/tracker/CVE-2022-48468

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/

Url: https://access.redhat.com/security/cve/CVE-2022-48468

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-48468

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/

Url: https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNUEZZEPR2F6M67ANXLOPJX6AQL3TK4P/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI4JZSHJXW7WOOTAQSV5SUCC5GE2GC2B/

Url: https://github.com/protobuf-c/protobuf-c/pull/513

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UGLZZYPOLI733DPETL444E3GY5KSS6LG/

Url: https://www.mend.io/vulnerability-database/CVE-2022-48468

Severity Score

5.5

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Do you need more information?

Contact Us