[SPARK-30871] Protobuf vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Major
Resolution: Incomplete
Affects Version/s: 2.4.5
Fix Version/s: None
Component/s: Build
Labels:
- bulk-closed
- pull-request-available

Description

Protobuf version 2.5.0 is vulnerable to Integer Overflow by allowing remote authenticated attackers to cause a heap-based buffer overflow in serialisation process.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Florencia Puppo

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Feb/20 22:28

Updated:: 25/May/21 01:55

Resolved:: 25/May/21 01:44