Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 22.04 & 20.04 USN-5531-1 Critical: Protobuf-C DoS

ubuntu
Calendar Grey July 26, 2022
Dist Ubuntu Esm H88
Numerous vulnerabilities addressed in protobuf-c for Ubuntu versions 22.04 and 20.04, notably including threats related to denial of service.
Several security issues were fixed in protobuf-c.

Summary

Several security issues were fixed in protobuf-c.

Software Description:

- protobuf-c: Protocol Buffers C static library and headers (protobuf-c)

Details:

Pietro Borrello discovered that protobuf-c contained an invalid

arithmetic shift. This vulnerability allowed attackers to cause a

denial of service (system crash) via unspecified vectors

(CVE-2022-33070).

It was discovered that protobuf-c contained an unsigned integer

overflow. This vulnerability allowed attackers to cause a denial of

service (system crash) via unspecified vectors.

Todd Miller discovered that protobuf-c contained a possible NULL

dereference. This could cause a vulnerability that allowed attackers to

cause a denial of service (system crash) via unspecified vectors.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
protobuf-c-compiler 1.3.3-1ubuntu2.1

Ubuntu 20.04 LTS:
protobuf-c-compiler 1.3.3-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5531-1

CVE-2022-33070

Severity
critical
Lowest
Low
Medium
High
Critical

July 26, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.