HIGH🇬🇧 English

CVE-2021-22569

CVSS 7.5v3.1pub. 2022-01-10upd. 2024-11-21

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Google Protobuf

    APP
    Google
    < 3.19.2
  • Google Protobuf Java

    APP
    Google
    < 3.16.13.18.0 – 3.18.2 (bez)3.19.0 – 3.19.2 (bez)
  • Google Protobuf Kotlin

    APP
    Google
    < 3.18.23.19.0 – 3.19.2 (bez)
  • Oracle Communications Cloud Native Core Console

    APP
    Oracle
    1.9.0
  • Oracle Communications Cloud Native Core Network Repository Function

    APP
    Oracle
    1.15.01.15.1
  • Oracle Communications Cloud Native Core Policy

    APP
    Oracle
    1.15.0
  • Oracle Spatial And Graph Mapviewer

    APP
    Oracle
    19c21c
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22947CRITICAL10.0⚠ KEVten sam produkt

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...

CVE-2021-3773CRITICAL9.8ten sam produkt

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information ...

CVE-2022-23221CRITICAL9.8ten sam produkt

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL contain...