An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HGoogle Protobuf
APPGoogle< 3.19.2Google Protobuf Java
APPGoogle< 3.16.13.18.0 – 3.18.2 (bez)3.19.0 – 3.19.2 (bez)Google Protobuf Kotlin
APPGoogle< 3.18.23.19.0 – 3.19.2 (bez)Oracle Communications Cloud Native Core Console
APPOracle1.9.0Oracle Communications Cloud Native Core Network Repository Function
APPOracle1.15.01.15.1Oracle Communications Cloud Native Core Policy
APPOracle1.15.0Oracle Spatial And Graph Mapviewer
APPOracle19c21c
Powiązane podatności
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information ...
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL contain...