← Back

CVE-2021-3121

nvd nist
Published: Jan 11, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Exploitability: 3.9 / Impact: 4.7
Source: NVD

Description

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

Affected (7)

Golang
1 product
Protobuf
Hashicorp
1 product
Consul
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Protobuf
Before 1.3.2
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Hashicorp
Consul
Before 1.8.15
Consul
From 1.10.0 to 1.10.2
Consul
From 1.9.0 to 1.9.9
Consul
Before 1.8.15
Consul
From 1.10.0 to 1.10.2
Consul
From 1.9.0 to 1.9.9

Related CWEs

CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (14)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.