CVE-2022-3171MEDIUMCVSS 4.3≥ 3.21.7, < 3.21.7·≥ 3.20.3, < 3.20.3+2 more2022-10-12
CVE-2022-3171 [MEDIUM] CWE-20 Memory handling vulnerability in ProtocolBuffers Java core and lite
Memory handling vulnerability in ProtocolBuffers Java core and lite
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable
cvelistv5