CVE-2021-22569

CVSS v3.1 5.5 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.09% (41st)
Affected Products 7
Advisories 6

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

Weaknesses
CWE-696
Incorrect Behavior Order
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Google Inc.
Published Date
2022-01-10 14:10:16
(2 years ago)
Updated Date
2023-04-18 09:15:07
(17 months ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Google-protobuf for Ruby before version 3.19.2 | cpe:2.3:a:google:google-protobuf::*:*:*:*:ruby | | < 3.19.2
  Google Protobuf-java before version 3.16.1 | cpe:2.3:a:google:protobuf-java | | < 3.16.1
  Google Protobuf-java from version 3.18.0 and before version 3.18.2 | cpe:2.3:a:google:protobuf-java | >= 3.18.0 | < 3.18.2
  Google Protobuf-java from version 3.19.0 and before version 3.19.2 | cpe:2.3:a:google:protobuf-java | >= 3.19.0 | < 3.19.2
  Google Protobuf-kotlin before version 3.18.2 | cpe:2.3:a:google:protobuf-kotlin | | < 3.18.2
  Google Protobuf-kotlin from version 3.19.0 and before version 3.19.2 | cpe:2.3:a:google:protobuf-kotlin | >= 3.19.0 | < 3.19.2

Configuration #2

  Product | CPE23 | From | Up To
  Oracle Communications Cloud Native Core Console 1.9.0 | cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0 | |
  Oracle Communications Cloud Native Core Network Repository Function 1.15.0 | cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0 | |
  Oracle Communications Cloud Native Core Network Repository Function 1.15.1 | cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1 | |
  Oracle Communications Cloud Native Core Policy 1.15.0 | cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0 | |
  Oracle Spatial And Graph Mapviewer 19c | cpe:2.3:a:oracle:spatial_and_graph_mapviewer:19c | |
  Oracle Spatial And Graph Mapviewer 21c | cpe:2.3:a:oracle:spatial_and_graph_mapviewer:21c | |