Google Protocolbuffers vulnerabilities

3 known vulnerabilities affecting google/protocolbuffers.

Total CVEs

3

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2022-3510MEDIUMCVSS 4.3≥ 3.21.0, < 3.21.7≥ 3.20.0, < 3.20.3+2 more2022-11-11

CVE-2022-3510 [MEDIUM] Parsing issue in protobuf message-type extension Parsing issue in protobuf message-type extension A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable for

CVE-2022-3509MEDIUMCVSS 4.3≥ 3.21.0, < 3.21.7≥ 3.20.0, < 3.20.3+2 more2022-11-01

CVE-2022-3509 [MEDIUM] Parsing issue in protobuf textformat Parsing issue in protobuf textformat A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long gar

CVE-2022-3171HIGHCVSS 7.5≥ 3.21.0, < 3.21.7≥ 3.20.0, < 3.20.3+2 more2022-10-12

CVE-2022-3171 [MEDIUM] CWE-20 CVE-2022-3171: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3. A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in p