CVE-2022-3171
published 2022-12-12

High 7.5 (CVSS 3.1)
AV:N AC:L PR:N UI:N S:U C:N I:N A:H
A parsing issue similar to CVE-2022-3171, but with textformat, in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Affected

42 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira_software | | |
| debian | protobuf | < protobuf 3.21.9-3 (bookworm) | protobuf 3.21.9-3 (bookworm) |
| fedoraproject | fedora | | |
| google | google-protobuf | < 3.16.3 | 3.16.3 |
| google | google-protobuf | >= 0 < 3.16.3 | 3.16.3 |
| google | google-protobuf | >= 3.17.0 < 3.19.6 | 3.19.6 |
| google | google-protobuf | >= 3.17.0.rc.1 < 3.19.6 | 3.19.6 |
| google | google-protobuf | >= 3.20.0 < 3.20.3 | 3.20.3 |
| google | google-protobuf | >= 3.20.0.rc.1 < 3.20.3 | 3.20.3 |
| google | google-protobuf | >= 3.21.0 < 3.21.7 | 3.21.7 |
| google | google-protobuf | >= 3.21.0.rc.1 < 3.21.7 | 3.21.7 |
| google | protobuf | >= 0 < 3.21.9-3 | 3.21.9-3 |
| google | protobuf | >= 0 < 3.21.9-3 | 3.21.9-3 |
| google | protobuf | >= 0 < 3.21.9-3 | 3.21.9-3 |
| google | protobuf-java | < 3.16.3 | 3.16.3 |
| google | protobuf-java | >= 3.16.0 < 3.16.3 | 3.16.3 |
| google | protobuf-java | >= 3.17.0 < 3.19.6 | 3.19.6 |
| google | protobuf-java | >= 3.19.0 < 3.19.6 | 3.19.6 |
| google | protobuf-java | >= 3.20.0 < 3.20.3 | 3.20.3 |
| google | protobuf-java | >= 3.21.0 < 3.21.7 | 3.21.7 |
| google | protobuf-javalite | < 3.16.3 | 3.16.3 |
| google | protobuf-javalite | >= 3.16.0 < 3.16.3 | 3.16.3 |
| google | protobuf-javalite | >= 3.17.0 < 3.19.6 | 3.19.6 |
| google | protobuf-javalite | >= 3.20.0 < 3.20.3 | 3.20.3 |
| google | protobuf-javalite | >= 3.21.0 < 3.21.7 | 3.21.7 |

CVSS provenance

nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa: 7.5 HIGH
osv: 7.5 HIGH