EUVD-2022-0729

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Issue in protobuf-java allows out-of-order processing of fields causing performance issues. Upgrade advised.

Reporter	Title	Published	Views	Family All 118
IBM Security Bulletins	Security Bulletin: Vulnerability from Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2021-22569)	7 Nov 202211:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities	4 Sep 202311:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities	8 Apr 202220:24	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition	24 Feb 202306:34	–	ibm
IBM Security Bulletins	Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities	17 Oct 202515:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15	18 Mar 202514:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	29 Sep 202318:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	8 Nov 202220:16	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data	1 Jul 202522:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	5 May 202316:01	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "026b3cee-d049-30c2-afef-c2a7a4d98cd7",
        "vendor": {
          "name": "Google LLC"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "07e00ff1-1d07-35ac-ae76-22bd9496fb8e",
        "product": {
          "name": "google-protobuf [JRuby Gem]"
        },
        "product_version": "unspecified <3.19.2"
      },
      {
        "id": "2aa9b5f1-7a0f-382f-b021-542df3602506",
        "product": {
          "name": "protobuf-java"
        },
        "product_version": "unspecified <3.16.1"
      },
      {
        "id": "434cac70-e1c0-34d3-9f5b-45eb2d2794fb",
        "product": {
          "name": "protobuf-kotlin"
        },
        "product_version": "unspecified <3.18.2"
      },
      {
        "id": "7bc9ab80-efa2-383c-8199-a7afd5a40de2",
        "product": {
          "name": "protobuf-java"
        },
        "product_version": "unspecified <3.19.2"
      },
      {
        "id": "89020c00-44d9-3cae-94cb-d547200b5453",
        "product": {
          "name": "protobuf-java"
        },
        "product_version": "unspecified <3.18.2"
      },
      {
        "id": "a3511ef1-fe0b-3070-ae55-615369536226",
        "product": {
          "name": "protobuf-kotlin"
        },
        "product_version": "unspecified <3.19.2"
      }
    ]
  }
]

Source	Link
github	www.github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-22569
bugs	www.bugs.chromium.org/p/oss-fuzz/issues/detail
cloud	www.cloud.google.com/support/bulletins
github	www.github.com/protocolbuffers/protobuf
oracle	www.oracle.com/security-alerts/cpuapr2022.html
openwall	www.openwall.com/lists/oss-security/2022/01/12/4
openwall	www.openwall.com/lists/oss-security/2022/01/12/7
suse	www.suse.com/security/cve/CVE-2021-22569.html
access	www.access.redhat.com/errata/RHSA-2022:1013

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.15.5 - 7.5

CVSS 24.3

EPSS0.00471

SSVC

protobuf-java issue performance upgrade security vulnerability