Description
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
| Release | Status | Note |
|---|---|---|
| bionic | released | 3.0.0-9.1ubuntu1.1 |
| devel | not-affected | 3.21.12-1ubuntu6 |
| esm-infra-legacy/trusty | released | 2.5.0-9ubuntu1+esm1 |
| esm-infra/bionic | released | 3.0.0-9.1ubuntu1.1 |
| esm-infra/focal | released | 3.6.1.3-2ubuntu5.2 |
| esm-infra/xenial | ignored | changes too intrusive |
| focal | released | 3.6.1.3-2ubuntu5.2 |
| impish | ignored | end of life |
| jammy | released | 3.12.4-1ubuntu7.22.04.1 |
| kinetic | released | 3.12.4-1ubuntu7.22.10.1 |
CVSS2: 4.3 Medium
CVSS3: 7.5 High