
159 matches found

BDU FSTEC
added 2022/10/21 12:0 a.m. · 1 view

The vulnerability of the Java Protocol Buffers protobuf-java environment library, related to insufficient validation of input data, allows attackers to trigger service failures.

The vulnerability of the Java Protocol Buffers protobuf-java environment library is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

7.8 CVSS · 6.4 AI score · 0.00166 EPSS
Exploits 0 · References 6 · Affected Software 5
NVD
added 2022/10/12 11:15 p.m. · 25 views

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

7.5 CVSS · 0.00166 EPSS
Exploits 0 · References 4
OSV
added 2022/10/12 11:15 p.m. · 2 views

UBUNTU-CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

7.5 CVSS · 6.6 AI score · 0.00166 EPSS
Exploits 0 · References 3
Prion
added 2022/10/12 11:15 p.m. · 38 views

Design/Logic Flaw

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

5 CVSS · 7.3 AI score · 0.00166 EPSS
Exploits 0 · References 4 · Affected Software 6
UbuntuCve
added 2022/10/12 11:15 p.m. · 34 views

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

7.5 CVSS · 6.7 AI score · 0.00166 EPSS
Exploits 0 · References 2
CVE
added 2022/10/12 12:0 a.m. · 744 views

CVE-2022-3171

CVE-2022-3171 describes a parsing issue in protobuf-java core and lite where inputs containing multiple non-repeated embedded messages with repeated or unknown fields can flip objects between mutable and immutable forms, causing long garbage-collection pauses and DoS. Affected versions are protob...

7.5 CVSS · 6.1 AI score · 0.00166 EPSS
Exploits 0 · References 4 · Affected Software 5
Debian CVE
added 2022/10/12 12:0 a.m. · 53 views

CVE-2022-3171

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

7.5 CVSS · 6.5 AI score · 0.00166 EPSS
Exploits 0
RedHat Linux
added 2022/10/06 12:26 p.m. · 82 views

Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]

An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...

10 CVSS · 7.2 AI score · 0.03719 EPSS
Exploits 10 · References 19
vulnersOsv
added 2022/10/04 10:17 p.m. · 3 views

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +20747 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.16.1)

com.google.protobuf:protobuf-java MAVEN version =2.0.3, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.10 and more Source cves: CVE-2022-3171 Source advisory: OSV:GHSA-H4H5-3HR4-J3G2...

7.5 CVSS · 6.4 AI score · 0.00166 EPSS
Exploits 0
Github Security Blog
added 2022/10/04 10:17 p.m. · 78 views

protobuf-java has a potential Denial of Service issue

Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

7.5 CVSS · 7.5 AI score · 0.00166 EPSS
Exploits 0 · References 12 · Affected Software 5
vulnersOsv
added 2022/10/04 10:17 p.m. · 2 views

ai.djl.spring:djl-spring-boot-starter-tensorflow-auto (>=0.15 <=0.18), ai.djl.tensorflow:tensorflow-api (>=0.15.0 <=0.18.0) +7125 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=3.17.0-rc-1 <=3.19.5)

com.google.protobuf:protobuf-java MAVEN version =3.17.0-rc-1, =0.15, =0.15.0, =0.15.0, =0.15.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.0.1, =2.8.4-alpha1, =3.0.1-alpha1 and more Source cves: CVE-2022-317...

7.5 CVSS · 6.4 AI score · 0.00166 EPSS
Exploits 0
OSV
added 2022/10/04 10:17 p.m. · 2 views

GHSA-H4H5-3HR4-J3G2 protobuf-java has a potential Denial of Service issue

Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

5.7 CVSS · 6.8 AI score · 0.00166 EPSS
Exploits 0 · References 12
vulnersOsv
added 2022/10/04 10:17 p.m. · 2 views

ai.bareun.tagger:bareun (>=1.0.0 <=1.4.1), ai.djl.serving:serving (=0.19.0) +3735 more potentially affected by CVE-2022-3171 via com.google.protobuf:protobuf-java (>=3.21.0-rc-1 <=3.21.6)

com.google.protobuf:protobuf-java MAVEN version =3.21.0-rc-1, =1.0.0, =3.42.0.2-1-3.4, =0.0.1, =22.3.2, =22.3.2, =22.3.2, =22.3.2, =1.0.0-beta01, =1.0.0-beta01, =1.0.0-beta06 - at.ac.ait.lablink.clients:universalapiclient =0.1.0 and more Source cves: CVE-2022-3171 Source advisory:...

7.5 CVSS · 6.4 AI score · 0.00166 EPSS
Exploits 0
RubySec
added 2022/10/04 12:0 a.m. · 36 views

protobuf-java has a potential Denial of Service issue

Summary A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...

7.5 CVSS · 3.3 AI score · 0.00166 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/09/29 12:0 a.m. · 4 views

PT-2022-6746 · Google +3 · Protobuf-Java +4

Name of the Vulnerable Software and Affected Versions: protobuf-java core and lite versions prior to 3.21.7 protobuf-java core and lite versions prior to 3.20.3 protobuf-java core and lite versions prior to 3.19.6 protobuf-java core and lite versions prior to 3.16.3 Description: A parsing issue i...

7.8 CVSS · 6.4 AI score · 0.00139 EPSS
Exploits 0 · References 22
RedHat Linux
added 2022/08/04 4:46 a.m. · 1 view

protobuf-java: potential DoS in the parsing procedure for binary data

A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of...

7.5 CVSS · 7.2 AI score · 0.00471 EPSS
Exploits 1 · References 6
OSV
added 2022/07/21 10:35 p.m. · 82 views

GHSA-FJH6-P566-WR6Q skylot jadx affected by Incorrect Behavior Order in vulnerable dependency

Impact Vulnerable library protobuf-java 3.11.4 CVE-2021-22569 Patches Dependency updated in jadx 1.4.3 References According to the AquaSecurity report: Also, Maven repository has links to this and other vulnerabilities from dependencies:...

6.7 AI score
Exploits 0 · References 3
Github Security Blog
added 2022/07/21 10:35 p.m. · 44 views

skylot jadx affected by Incorrect Behavior Order in vulnerable dependency

Impact Vulnerable library protobuf-java 3.11.4 CVE-2021-22569 Patches Dependency updated in jadx 1.4.3 References According to the AquaSecurity report: Also, Maven repository has links to this and other vulnerabilities from dependencies:...

7.5 CVSS · 0.6 AI score · 0.00471 EPSS
Exploits 1 · References 3 · Affected Software 1
RedHat Linux
added 2022/07/07 2:19 p.m. · 1 view

protobuf-java: potential DoS in the parsing procedure for binary data

A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java allows the interleaving of com.google.protobuf.UnknownFieldSet fields. By persuading a victim to open specially-crafted content, a remote attacker could cause a timeout in the ProtobufFuzzer function, resulting in a denial of...

7.5 CVSS · 7.2 AI score · 0.00471 EPSS
Exploits 1 · References 6
RedHat Linux
added 2022/07/07 2:19 p.m. · 165 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update

A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...

10 CVSS · 7.1 AI score · 0.93325 EPSS
Exploits 48 · References 61