An issue in protobuf-java allowed com.google.protobuf.UnknownFieldSet fields to be interleaved in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
| Vulnerable Product |
|---|
| google protobuf-kotlin |
| google protobuf-java |
| google google-protobuf |
| oracle communications cloud native core console 1.9.0 |
| oracle communications cloud native core policy 1.15.0 |
| oracle communications cloud native core network repository function 1.15.0 |
| oracle communications cloud native core network repository function 1.15.1 |
| oracle spatial and graph mapviewer 21c |
| oracle spatial and graph mapviewer 19c |