cbcvebase.
CVE-2021-22569
published 2022-01-10

CVE-2021-22569: An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small…

medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

Affected

34 ranges· showing 25
VendorProductVersion rangeFixed in
debianprotobuf< protobuf 3.21.9-3 (bookworm)protobuf 3.21.9-3 (bookworm)
googlegoogle-protobuf< 3.19.23.19.2
googlegoogle-protobuf>= 0 < 3.19.23.19.2
googleprotobuf>= 0 < 3.12.4-1+deb11u13.12.4-1+deb11u1
googleprotobuf>= 0 < 3.21.9-33.21.9-3
googleprotobuf>= 0 < 3.21.9-33.21.9-3
googleprotobuf>= 0 < 3.21.9-33.21.9-3
googleprotobuf>= 0 < 3.0.0-9.1ubuntu1.13.0.0-9.1ubuntu1.1
googleprotobuf>= 0 < 3.6.1.3-2ubuntu5.23.6.1.3-2ubuntu5.2
googleprotobuf>= 0 < 3.12.4-1ubuntu7.22.04.13.12.4-1ubuntu7.22.04.1
googleprotobuf>= 0 < 2.5.0-9ubuntu1+esm12.5.0-9ubuntu1+esm1
googleprotobuf-java< 3.16.13.16.1
googleprotobuf-java>= 3.18.0 < 3.18.23.18.2
googleprotobuf-java>= 3.19.0 < 3.19.23.19.2
googleprotobuf-kotlin< 3.18.23.18.2
googleprotobuf-kotlin>= 3.19.0 < 3.19.23.19.2
google_llcgoogle-protobuf>= unspecified < 3.19.23.19.2
google_llcprotobuf-java>= unspecified < 3.16.13.16.1
google_llcprotobuf-java>= unspecified < 3.18.23.18.2
google_llcprotobuf-java>= unspecified < 3.19.23.19.2
google_llcprotobuf-kotlin>= unspecified < 3.18.23.18.2
google_llcprotobuf-kotlin>= unspecified < 3.19.23.19.2
msrcazl3_python-tensorboard_2.11.0-3_on_azure_linux_3.0
msrcazl3_python-tensorboard_2.16.2-2_on_azure_linux_3.0
msrcazl3_pytorch_2.2.2-5_on_azure_linux_3.0

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
ghsa5.5MEDIUM
osv5.5MEDIUM