DescriptionParsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
golang-google-protobuf (PTS)bullseye1.25.0+git20201208.160c747-1fixed
sid, trixie1.33.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
golang-google-protobufsource(unstable)(not affected)


- golang-google-protobuf <not-affected> (Vulnerable code not in a Debian released version) (v1.29.1)

Search for package or bug name: Reporting problems