ID CVE-2015-5237
Summary protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:google:protobuf:-:*:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:2.6.1:-:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:2.6.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:alpha3.1:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:alpha4.1:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta1.1:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta3-prelease1:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta3.1:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta3.2:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta3.3:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:google:protobuf:3.1.0:alpha1:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 12-02-2023 - 23:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
confirm
mlist
  • [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
  • [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version
  • [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version
  • [oss-security] 20150827 CVE-2015-5237: Integer overflow in protobuf serialization (currently minor)
  • [pulsar-commits] 20200425 [GitHub] [pulsar] guyv opened a new issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.)
  • [pulsar-commits] 20200428 [GitHub] [pulsar] gaoran10 commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)
  • [pulsar-commits] 20200428 [GitHub] [pulsar] gaoran10 edited a comment on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)
  • [pulsar-commits] 20200428 [GitHub] [pulsar] guyv commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)
  • [pulsar-commits] 20200428 [GitHub] [pulsar] guyv edited a comment on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)
  • [pulsar-commits] 20200430 [GitHub] [pulsar] sijie commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)
  • [pulsar-commits] 20200506 [GitHub] [pulsar] gaoran10 commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)
  • [pulsar-commits] 20200506 [GitHub] [pulsar] gaoran10 edited a comment on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)
  • [pulsar-commits] 20200506 [GitHub] [pulsar] sijie commented on issue #6818: pulsar-client vulnerability CVE-2015-5237 (shaded protobuf-java:2.4.1)
  • [pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237
  • [pulsar-commits] 20210120 [GitHub] [pulsar] merlimat commented on issue #9250: Protobuf version used in broker and client affected by vulnerability CVE-2015-5237
Last major update 12-02-2023 - 23:15
Published 25-09-2017 - 17:29
Last modified 12-02-2023 - 23:15