CVE-2018-3738

🔶 medium

🔍 Scan for this CVE

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

CVSS Score

5.5

Medium

EPSS Score

0.2

Exploit Probability

Published Date

2018-06-07

First Seen: 2026-01-05

This CVE is Lower Risk - more severe than 32.6% of all 321,566 vulnerabilities in our database.

#216,619

Below average severity

Severity Percentile

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE IDs (Weakness Types)

CWE-770 CWE-185

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
protobufjs_project	protobufjs	Affected	≤ 6.8.5

Exploit Third Party Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-44290	⚠️ high	7.5	0.1	protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed ce...	2026-05-13
CVE-2026-44291	⚠️ high	8.1	0.1	protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain...	2026-05-13
CVE-2026-44288	🔶 medium	5.3	0.0	protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a...	2026-05-13
CVE-2023-36665	⛔ critical	9.8	1.7	"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than...	2023-07-05
CVE-2022-25878	⚠️ high	8.2	0.4	The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify pro...	2022-05-27

These CVEs affect the same products