| Release | Version |
|---|---|
| bullseye | 3.12.4-1+deb11u1 |
| bookworm | 3.21.12-3 |
| trixie | 3.21.12-11 |
| forky | 3.21.12-14 |
| sid | 3.21.12-14 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-4565 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Any project that uses Protobuf Pure-Python backendto parse untrusted P ... |
| CVE-2024-7254 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Any project that parses untrusted Protocol Buffers datacontaining an a ... |
| CVE-2022-3510 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ... |
| CVE-2022-3509 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | A parsing issue similar to CVE-2022-3171, but with textformat in proto ... |
| CVE-2022-3171 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | A parsing issue with binary data in protobuf-java core and lite versio ... |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2015-5237 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | protobuf allows remote authenticated attackers to cause a heap-based b ... |
| Bug | Description |
|---|---|
| CVE-2024-2410 | The JsonToBinaryStream()function is part of the protocol buffers C++ i ... |
| CVE-2022-1941 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers ... |
| CVE-2021-22570 | Nullptr dereference when a null char is present in a proto symbol. The ... |
| CVE-2021-22569 | An issue in protobuf-java allowed the interleaving of com.google.proto ... |
| DSA / DLA | Description |
|---|---|
| DLA-3393-1 | protobuf - security update |