Published: 12/12/2022 Updated: 15/12/2022

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions before 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google protobuf-javalite
google protobuf-java

Synopsis Important: Service Registry (container images) release and security update [243 GA] Type/Severity Security Advisory: Important Topic An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog The purpose of this text-only errata is to inform you about the security issues ...

Synopsis Moderate: Red Hat JBoss EAP 7410 XP 400GA security release Type/Severity Security Advisory: Moderate Topic JBoss EAP XP 400GA security release on the EAP 7410 base is now available See references for release notesRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...

NVD-CWE-noinfo https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:3815

CVE-2022-3509

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect