GCVE - cpe:2.3:a:golang:protobuf:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:golang:protobuf:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Golang (`670356c5-bd1b-5c66-9eee-f755f5cec4c7`)
Product	Protobuf (`4ad6ef1d-cf33-58b9-b025-696fb87309ab`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/golang-gogoprotobuf`	purl2cpe	2026-06-01 10:12:04.476133
`pkg:deb/debian/golang-goprotobuf`	purl2cpe	2026-06-01 10:12:04.476136
`pkg:deb/ubuntu/golang-gogoprotobuf`	purl2cpe	2026-06-01 10:12:04.476139
`pkg:deb/ubuntu/golang-goprotobuf`	purl2cpe	2026-06-01 10:12:04.476142
`pkg:github/gogo/protobuf`	purl2cpe	2026-06-01 10:12:04.476144
`pkg:github/golang/protobuf`	purl2cpe	2026-06-01 10:12:04.476147
`pkg:rpm/fedora/golang-github-protobuf`	purl2cpe	2026-06-01 10:12:04.476150

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-3121`	vulnerable	2026-06-03 14:45:10.084657	Details available An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. Published: 2021-01-11T05:57:18.000Z Updated: 2024-08-03T16:45:51.251Z Open on db.gcve.eu Reference links https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc https://github.com/gogo/protobuf/compare/v1.3.1...v1.3.2 https://lists.apache.org/thread.html/r88d69555cb74a129a7bf84838073b61259b4a3830190e05a3b87994e%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/rc1e9ff22c5641d73701ba56362fb867d40ed287cca000b131dcf4a44%40%3Ccommits.pulsar.apache.org%3E https://security.netapp.com/advisory/ntap-20210219-0006/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.