CVE-2022-48468

CVSS V2 None CVSS V3 None

Description

protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.

Overview

CVE ID
CVE-2022-48468

Assigner
cve@mitre.org

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-13T21:15:07

Last Modified Date
2023-04-21T18:25:03

Weakness Enumerations

CWE	URL
CWE-190	http://cwe.mitre.org/data/definitions/190.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:protobuf-c_project:protobuf-c::::::::	1	OR		1.4.1

References

Reference URL	Reference Tags
https://github.com/protobuf-c/protobuf-c/commit/ec3d900001a13ccdaa8aef996b34c61159c76217
https://github.com/protobuf-c/protobuf-c/issues/499
https://github.com/protobuf-c/protobuf-c/pull/513
https://github.com/protobuf-c/protobuf-c/releases/tag/v1.4.1

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-48468
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48468

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 04:42:04				Added to TrackCVE
2023-04-18 15:00:56	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-04-21 19:00:58		2023-04-21T18:25:03	CVE Modified Date	updated
2023-04-21 19:00:58	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-04-21 19:00:59			Weakness Enumeration	new
2023-04-21 19:01:01			CPE Information	updated
2023-04-28 17:00:55	Analyzed	Undergoing Analysis	Vulnerability Status	updated