Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-hw7c-3rfg-p46j

GitHub Security Advisory

google.golang.org/protobuf vulnerable to panic leading to denial of service

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

Parsing invalid messages can panic.

Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.

Affected Packages

Go google.golang.org/protobuf
Affected versions: 1.29.0 (fixed in 1.29.1)

Related CVEs

CVE-2023-24535

Key Information

GHSA ID
GHSA-hw7c-3rfg-p46j
Published
March 14, 2023 11:01 PM
Last Modified
May 20, 2024 9:49 PM
CVSS Score
7.5 /10
Primary Ecosystem
Go
Primary Package
google.golang.org/protobuf
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 18, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.