QSearchQSearch

CVE-2021-3121

8.6 HIGH

An issue was discovered in GoGo Protobuf before 1.3.2

Published: 2021-01-11 · Last updated: 2026-06-17

Severity and scoring

CVSS
8.6 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE
CWE-129

Affected products

VendorProduct
golangconsul, protobuf
hashicorpconsul, protobuf

Description

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-42506 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
  • CVE-2026-42502 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
  • CVE-2026-39821 The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label (9.6 CRITICAL)
  • CVE-2026-27136 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
  • CVE-2026-25681 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)

Same CWE

  • CVE-2026-45624 ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)
  • CVE-2026-45359 ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
  • CVE-2026-24181 NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation (7.3 HIGH)
  • CVE-2026-25276 Memory corruption while using Strongbox due to missing bounds check (8.8 HIGH)
  • CVE-2026-46163 In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX pa... (7.8 HIGH)