CVSSv2: 4.3

CVE-2021-22569

Published: 10/01/2022 Updated: 18/04/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
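The advisory text above describes the shape of the payload, not its bytes. The following is an added example, not code from the advisory or the protobuf project: it encodes protobuf wire-format fields with the standard library only, builds one message whose field numbers alternate (1,2,1,2,...) and one of the same size whose fields are grouped, and counts how often the field number changes between consecutive fields. The field numbers, repeat count and helper names are assumptions chosen for illustration; the fields count as "unknown" only relative to a receiving schema that does not define them.

```python
"""Added example (not from the original advisory or the protobuf project).

Illustrates "interleaved" vs "grouped" unknown fields on the protobuf wire.
Both payloads below carry the same fields and are the same size; they differ
only in ordering, which is the property the advisory attributes to the
parser slowdown. Standard library only; nothing here talks to protobuf-java.
"""


def encode_varint(value: int) -> bytes:
    """Base-128 varint encoding as used by the protobuf wire format."""
    if value < 0:
        raise ValueError("only non-negative values are encoded here")
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_varint(buf: bytes, pos: int):
    """Decode one varint starting at pos; return (value, new_pos)."""
    result = 0
    shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return result, pos
        if shift > 63:
            raise ValueError("varint too long")


def encode_varint_field(field_number: int, value: int) -> bytes:
    """Tag = (field_number << 3) | wire type 0 (varint), then the value."""
    return encode_varint(field_number << 3) + encode_varint(value)


def build_interleaved_payload(field_numbers, repeats: int) -> bytes:
    """Cycle through field_numbers `repeats` times: 1,2,1,2,... (assumed shape)."""
    out = bytearray()
    for _ in range(repeats):
        for fn in field_numbers:
            out += encode_varint_field(fn, 1)
    return bytes(out)


def build_grouped_payload(field_numbers, repeats: int) -> bytes:
    """Same fields, but all occurrences of each field number are contiguous."""
    out = bytearray()
    for fn in field_numbers:
        for _ in range(repeats):
            out += encode_varint_field(fn, 1)
    return bytes(out)


def field_numbers_in(buf: bytes):
    """Walk a message made only of wire-type-0 fields and list field numbers."""
    pos = 0
    fields = []
    while pos < len(buf):
        tag, pos = decode_varint(buf, pos)
        field_number, wire_type = tag >> 3, tag & 7
        if wire_type != 0:
            raise ValueError(f"unsupported wire type {wire_type}")
        _, pos = decode_varint(buf, pos)
        fields.append(field_number)
    return fields


def count_field_switches(buf: bytes) -> int:
    """Number of adjacent field pairs whose field number differs."""
    fields = field_numbers_in(buf)
    return sum(1 for a, b in zip(fields, fields[1:]) if a != b)


if __name__ == "__main__":
    inter = build_interleaved_payload([1, 2], 1000)
    grouped = build_grouped_payload([1, 2], 1000)
    print(len(inter), count_field_switches(inter))      # same size ...
    print(len(grouped), count_field_switches(grouped))  # ... far fewer switches
```

The two payloads are byte-for-byte the same length; only the number of field-number transitions differs, which is the property the advisory ties to out-of-order processing and object churn.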

Vulnerable Products

google protobuf-kotlin

google protobuf-java

google google-protobuf

oracle communications cloud native core console 1.9.0

oracle communications cloud native core policy 1.15.0

oracle communications cloud native core network repository function 1.15.0

oracle communications cloud native core network repository function 1.15.1

oracle spatial and graph mapviewer 21c

oracle spatial and graph mapviewer 19c

Vendor Advisories

Synopsis: Moderate: Red Hat Integration Camel Extensions for Quarkus 2.2.1 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update to Red Hat Integration Camel Extensions for Quarkus 2.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has ...
Synopsis: Moderate: Red Hat Process Automation Manager 7.13.0 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Moderate: Red Hat Integration Debezium 1.9.7 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update for Debezium is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which giv ...
Synopsis: Moderate: Red Hat support for Spring Boot 2.7.2 update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Application Runtimes. Description: Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths an ...
Synopsis: Moderate: Red Hat build of Quarkus 2.7.5 release and security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a det ...
Synopsis: Important: Service Registry (container images) release and security update [2.3.0.GA]. Type/Severity: Security Advisory: Important. Topic: An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fi ...
Synopsis: Important: Red Hat Fuse 7.11.0 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...

Mailing Lists

oss-sec mailing list archives: CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS. From: Ana Oprea <an ...
oss-sec mailing list archives: Re: CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS. From: John Helmert ...

Github Repositories

A potential Denial of Service issue in protobuf-java. Severity: high (GitHub Reviewed), published in protocolbuffers/protobuf. Package: com.google.protobuf:protobuf-java (maven). Affected versions: < 3.16.1; >= 3.18.0, < 3.18.2; >= 3.19.0, < 3.19.2. Patched versions: 3.16.1, 3.18.2, 3.19.…
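The advisory entry above gives three affected ranges for protobuf-java. The following is an added example, not code from GitHub's advisory or the protobuf project: it turns those ranges into a version check and scans the <dependency> entries of a Maven pom.xml for a vulnerable protobuf-java coordinate. It covers only the com.google.protobuf:protobuf-java artifact whose ranges the entry quotes; the pom.xml content and the org.example dependency in it are constructed sample input.

```python
"""Added example (not from the GitHub advisory or the protobuf project).

Checks protobuf-java version strings against the affected ranges quoted in
the advisory entry above and scans a Maven pom.xml for vulnerable
<dependency> entries. Standard library only.
"""
import re
import xml.etree.ElementTree as ET

# Ranges as quoted on the page: [low, high) with low=None meaning "any".
AFFECTED_RANGES = [
    (None, (3, 16, 1)),          # < 3.16.1
    ((3, 18, 0), (3, 18, 2)),    # >= 3.18.0, < 3.18.2
    ((3, 19, 0), (3, 19, 2)),    # >= 3.19.0, < 3.19.2
]
AFFECTED_COORDINATE = ("com.google.protobuf", "protobuf-java")


def parse_version(version: str):
    """Leading MAJOR.MINOR.PATCH as an int tuple; suffixes like -rc1 are ignored."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if `version` falls inside any quoted affected range."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if (low is None or v >= low) and v < high:
            return True
    return False


def _local(tag: str) -> str:
    """Strip the XML namespace that Maven POMs usually declare."""
    return tag.rsplit("}", 1)[-1]


def find_vulnerable_dependencies(pom_xml: str):
    """Return (groupId, artifactId, version) for each affected dependency.

    A protobuf-java entry with no <version> (managed by a parent or BOM) is
    returned with version None so the caller knows it still needs resolving.
    """
    root = ET.fromstring(pom_xml)
    hits = []
    for node in root.iter():
        if _local(node.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in node}
        coord = (fields.get("groupId"), fields.get("artifactId"))
        if coord != AFFECTED_COORDINATE:
            continue
        version = fields.get("version")
        if not version:
            hits.append((*coord, None))
        elif is_affected(version):
            hits.append((*coord, version))
    return hits


# Constructed sample pom.xml (not from any real project).
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0.0</version>
  <dependencies>
    <dependency>
      <groupId>com.google.protobuf</groupId>
      <artifactId>protobuf-java</artifactId>
      <version>3.19.1</version>
    </dependency>
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>demo-lib</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for group, artifact, version in find_vulnerable_dependencies(SAMPLE_POM):
        print(f"{group}:{artifact}:{version or '<unresolved>'} affected by CVE-2021-22569")
```

The ranges are applied verbatim from the entry, so 3.17.x is reported as unaffected only because the quoted ranges do not cover it; a version inherited from a parent POM or BOM is reported with no version so it is not silently passed.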
