22 matches found
Security Bulletin: IBM® Db2® is affected by a vulnerability in protobuf-java (CVE-2022-3510, CVE-2022-3509, CVE-2022-3171).
Summary protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to caus...
Linux Distros Unpatched Vulnerability : CVE-2022-3510
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 ca...
Security Bulletin: protobuf-java component is vulnerable to CVE-2022-3510 and CVE-2022-3509 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses protobuf-java package which is vulnerable to CVE-2022-3510 and CVE-2022-3509. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2022-3510]
Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...
Moderate: Red Hat Security Advisory: Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release
JBoss EAP XP 4.0.0.GA security release on the EAP 7.4.10 base is now available. See references for release notes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
CVE-2022-3510
A flaw was found in Message-Type Extensions in protobuf-java core that can lead to a denial of service. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields can cause objects to convert between mutable and immutable forms, resulting in long garbag...
Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3510)
Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: IBM MQ Blockchain bridge is vulnerable to multiple issues within protobuf-java-core (CVE-2022-3510, CVE-2022-3509)
Summary Multiple issues were identified within protobuf-java-core which is used by fabric gateway which is used by IBM MQ Blockchain bridge to provide Blockchain functionality to IBM MQ. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...
Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service due to protobuf-java core and lite
Summary protobuf-java is used by some components of IBM Cloud Pak for Multicloud Management and it is vulnerable to a denial of service. CVE-2022-3509, CVE-2022-3171, CVE-2022-3510 Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of...
GLSA-202301-09 : protobuf-java: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202301-09 protobuf-java: Denial of Service - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple...
be.zvz:KotlinInside (>=1.14.0 <=1.14.6), com.google.protobuf:protobuf-kotlin-lite (>=3.20.0 <=3.20.2) +8 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-javalite (>=3.20.0 <=3.20.2)
com.google.protobuf:protobuf-javalite MAVEN version =3.20.0, =1.14.0, =3.20.0, =2.12.0, =2.12.0, =2.3.0, =0.2.4, =0.2.6 - io.github.dimensiondev:maskwalletcore =0.5.0 Source cves: CVE-2022-3510 Source advisory: OSV:GHSA-4GG5-VX3J-XWC7...
ai.edgestore:engine (=1.0.1-alpha03), androidx.health:health-connect-client (>=1.0.0-alpha01 <=1.0.0-alpha02) +132 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-javalite (>=3.17.0 <=3.19.5)
com.google.protobuf:protobuf-javalite MAVEN version =3.17.0, =1.0.0-alpha01, =2022.12, =2022.12, =7.0.2110, =1.0.0, =0.16.1, =0.16.3.1 and more Source cves: CVE-2022-3510 Source advisory: OSV:GHSA-4GG5-VX3J-XWC7...
ai.djl.spring:djl-spring-boot-starter-tensorflow-auto (>=0.15 <=0.18), ai.djl.tensorflow:tensorflow-api (>=0.15.0 <=0.18.0) +7156 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.17.0 <=3.19.5)
com.google.protobuf:protobuf-java MAVEN version =3.17.0, =0.15, =0.15.0, =0.15.0, =0.15.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.0.1, =2.8.4-alpha1, =3.0.1-alpha1 and more Source cves: CVE-2022-3510...
ai.grakn:grakn-dist (=0.17.0), ai.grakn:janus-factory (>=0.17.0 <=1.1.0) +10224 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.0.0 <=3.16.1)
com.google.protobuf:protobuf-java MAVEN version =3.0.0, =0.17.0, =1.1.0 - ai.konduit.serving:konduit-serving-api =0.3.0 - ai.konduit.serving:konduit-serving-build =0.3.0 - ai.konduit.serving:konduit-serving-cli =0.3.0 - ai.konduit.serving:konduit-serving-config-creator =0.3.0 -...
ai.tock:tock-nlp-dialogflow (=22.3.1), ai.tock:tock-nlp-model-stanford (=22.3.1) +1290 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.20.0 <=3.20.2)
com.google.protobuf:protobuf-java MAVEN version =3.20.0, =0.10.0, =3.0.0, =0.0.6, =0.0.6, =0.9.5, =2.0.0-alpha.0, =2023.0.0.0-RC1, =2023.0.0.0-RC1, =1.0.3, =1.0.3.AS2.RELEASE and more Source cves: CVE-2022-3510 Source advisory: OSV:GHSA-4GG5-VX3J-XWC7...
build.buf.prototype:connect-kotlin-protoc-gen-javalite-ext (=v0.0.0-test0120), build.buf:connect-kotlin-google-javalite-ext (>=0.0.0-230221 <=0.1.9) +43 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-javalite (>=3.21.0 <=3.21.6)
com.google.protobuf:protobuf-javalite MAVEN version =3.21.0, =0.0.0-230221, =2.15.3unofficial65, =2.15.3unofficial65, =7.0.0.0, =20.3.2, =20.3.2, =3.21.0, =2.15.0, =2.15.0, =2.19.0 - com.ingonoka:grpc-endpoint-authentication-android =v0.2 and more Source cves: CVE-2022-3510 Source advisory:...
CVE-2022-3510
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...
CVE-2022-3510 vulnerabilities
Vulnerabilities for packages: trino, celeborn...
CVE-2022-3510 Parsing issue in protobuf message-type extension
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...
CVE-2022-3510 Parsing issue in protobuf message-type extension
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...