Google Protocol Buffers CVE-2015-5237 Heap Based Buffer Overflow Vulnerability
BID:105086
Info
| Bugtraq ID: | 105086 |
| Class: | Input Validation Error |
| CVE: | CVE-2015-5237 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 27 2017 12:00AM |
| Updated: | Aug 27 2017 12:00AM |
| Credit: | Florian Weimer |
| Vulnerable: | SAP BusinessObjects BI Platform 4.20; SAP BusinessObjects BI Platform 4.10; Redhat Enterprise Linux 7; Google protobuf 3.3; Google protobuf 3.2; Google protobuf 3.1; Google protobuf 3.0.2; Google protobuf 3.0; Google protobuf 2.5; Google protobuf 2.4.1 |
| Not Vulnerable: | Google protobuf 3.4 |
Discussion
Google Protocol Buffers is prone to a heap-based buffer-overflow vulnerability.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application.
Versions prior to Protocol Buffers 3.4.0 are vulnerable.
References
- CVE-2015-5237: Integer overflow in serialization #760 (Google)
- Protocol Buffers v3.4.0 (Github)
- SAP Homepage (SAP)
- Bug 1256426 CVE-2015-5237 protobuf: integer overflow in serialization (Redhat)
- Protocol Buffers Homepage (Google)
- SAP Security Note # 2614229 (SAP)
- SAP Security Patch Day - August 2018 (SAP)