oss-sec mailing list archives
CVE-2015-5237: Integer overflow in protobuf serialization (currently minor)
From: Florian Weimer <fweimer () redhat com>
Date: Thu, 27 Aug 2015 11:56:09 +0200
https://github.com/google/protobuf/issues/760 This is currently not intended to be addressed upstream, which is a bit disappointing. It's true that this issue does not have much exposure right now, but in a couple of years, the message sizes involved will not seem so gigantic anymore. And as explained in the bug report, fixing this will be difficult because it involves updating generated code; it won't be a simple library update. -- Florian Weimer / Red Hat Product Security
Current thread:
- CVE-2015-5237: Integer overflow in protobuf serialization (currently minor) Florian Weimer (Aug 27)