CVE-2018-3738

Summary

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

Affected Software

VendorProductVersion RangeStatus
HackerOneprotobufjs node moduleVersions up to and including 6.8.5affected

Weaknesses

  • CWE-770: Allocation of Resources Without Limits or Throttling (CWE-770)

ADP Enrichment

CVE Program Container

Additional References

References