CVE-2021-3121

Published: November 1, 2021
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
HIGH
CVSS v3: 8.6

Status

DocFilters Release Package State Justification Comment
25.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
24.4 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
24.4.0 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
24.3 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
24.2.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
24.2 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
24.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
23.3 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
23.2.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
23.2 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
23.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
22.4 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
22.3 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
22.2 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
22.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
21.11.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
21.11 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
21.8.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
21.8 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
21.5.1 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
21.5.0 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
21.2.0 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.20 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.19.3667 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.18.3599 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.17 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.16.3445 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.15.3368 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.14.3263 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.13.3179 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.12.3054 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.11.3040 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.11.2990 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.10.2934 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.9.2878 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’
11.4.8.2822 protobuf (3.0.0) False Positive Code Not Present Unknown vendors ‘golang, hashicorp’

Severity score breakdown

Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
8.6
Base Severity
HIGH
Confidentiality Impact
LOW
Integrity Impact
LOW
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Version
3.1

References