CVE-2021-22569
CVSS v3.1
5.5 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.09 % (41th)
Affected Products
7
Advisories
6
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
Weaknesses
- CWE-696
- Incorrect Behavior Order
- CWE-NVD-noinfo
- CVE Status
- PUBLISHED
- CNA
- Google Inc.
- Published Date
-
2022-01-10 14:10:16
(2 years ago) - Updated Date
-
2023-04-18 09:15:07
(17 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...