CVSSv3: 7.5

CVE-2022-3509

Published: 12/12/2022 Updated: 15/12/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vulnerability Summary

A parsing issue similar to CVE-2022-3171, but in the textformat parser of protobuf-java core and lite versions before 3.21.7, 3.20.3, 3.19.6 and 3.16.3, can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Vulnerable Products

google protobuf-javalite

google protobuf-java

Vendor Advisories

There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-10 or grpcClient-10 feature enabled. This has been addressed ...
