A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
27 Apr 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Feb 2023, 17:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* | |
References |
|
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/ - Mailing List, Third Party Advisory |
18 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Oct 2022, 17:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-12 23:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-3171
Mitre link : CVE-2022-3171
CVE.ORG link : CVE-2022-3171
JSON object : View
Products Affected
- protobuf-kotlin
- protobuf-java
- google-protobuf
- protobuf-kotlin-lite
- protobuf-javalite
fedoraproject
- fedora
CWE