CVE-2022-3171

Published: 12/10/2022 | Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A parsing issue with binary data in protobuf-java core and lite versions before 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Vulnerable Product

google protobuf-java

google protobuf-kotlin-lite

google protobuf-kotlin

google protobuf-javalite

google google-protobuf

fedoraproject fedora 37

Vendor Advisories

Synopsis: Important: Red Hat build of Quarkus 2135 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Important: Red Hat Process Automation Manager 7134 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: Red Hat build of Quarkus 277 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Moderate: Red Hat Integration Debezium 197 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update for Debezium is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which giv ...
Description: The MITRE CVE dictionary describes this issue as: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted ...