exploitDog

CVE-2021-22569

Published: 10 Jan 2022
Source: nvd
CVSS3: 7.5
CVSS3: 5.5
CVSS2: 4.3
EPSS: Low

Description

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:google:google-protobuf:*:*:*:*:*:ruby:*:*
Versions before 3.19.2 (excluding)
cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*
Versions before 3.16.1 (excluding)
cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*
Versions from 3.18.0 (including) up to 3.18.2 (excluding)
cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*
Versions from 3.19.0 (including) up to 3.19.2 (excluding)
cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*
Versions before 3.18.2 (excluding)
cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*
Versions from 3.19.0 (including) up to 3.19.2 (excluding)

Configuration 2

One of

cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:19c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:21c:*:*:*:*:*:*:*

EPSS

Percentile: 52%
0.00291
Low

7.5 High

CVSS3

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Weaknesses

CWE-696
NVD-CWE-noinfo

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 4 years ago

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

CVSS3: 5.5
redhat
about 4 years ago

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

CVSS3: 5.5
msrc
more than 1 year ago

No description available

CVSS3: 7.5
debian
about 4 years ago

An issue in protobuf-java allowed the interleaving of com.google.proto ...

CVSS3: 7.5
github
about 4 years ago

A potential Denial of Service issue in protobuf-java
