CVE-2018-3738

Medium

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

hackerone·CWE-770·Published 2018-06-07

CVSS

5.5

EPSS

0.01

KEV

Exploits

cve.orgen

76 chars

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

NVDen

76 chars

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

OSV.deven

210 chars

Versions of `protobufjs` before 5.0.3 and 6.8.6 are vulnerable to a regular expression denial of service when parsing crafted invalid *.proto files. ## Recommendation Update to version 5.0.3, 6.8.6 or later.

GHSAen

210 chars

NVDes

145 chars

protobufjs es vulnerable a una denegación de servicio con expresiones regulares (ReDoS) cuando se parsean archivos .proto manipulados no válidos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H