exploitDog

CVE-2022-3171

Published: 12 Oct 2022
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 4.3

Description

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 3.21.12-1ubuntu6 |
| esm-infra-legacy/trusty | ignored | changes too intrusive |
| esm-infra/bionic | ignored | changes too intrusive |
| esm-infra/focal | ignored | changes too intrusive |
| esm-infra/xenial | ignored | changes too intrusive |
| focal | ignored | end of standard support, was ignored [changes too intrusive] |
| jammy | ignored | changes too intrusive |
| kinetic | ignored | end of life, was ignored [changes too intrusive] |
| lunar | not-affected | 3.21.12-1ubuntu6 |

EPSS: 0.00071 (Low), percentile: 23%

CVSS3: 4.3 Medium

Related vulnerabilities

CVSS3: 7.5
redhat
more than 2 years ago

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

CVSS3: 4.3
nvd
more than 2 years ago

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

CVSS3: 7.5
msrc
9 months ago

No description available

CVSS3: 4.3
debian
more than 2 years ago

A parsing issue with binary data in protobuf-java core and lite versio ...

CVSS3: 7.5
redos
more than 2 years ago

protobuf-java vulnerability
