157 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-3171
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inpu...
Linux Distros Unpatched Vulnerability : CVE-2022-3509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a...
Linux Distros Unpatched Vulnerability : CVE-2022-3510
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 ca...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Bamboo Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 9.5.0, 9.6.0, and 10.0.0-rc3 of Bamboo Data Center and Server. This com.google.protobuf:protobuf-java Dependency vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.1, 9.17.0, 10.0.0, and 10.1.1 of Jira Software Data Center and Server. This...
Security Bulletin: Vulnerability in protobuf-java affects watsonx.data
Summary protobuf-java is vulnerable to stack overflow attacks. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by...
Security Bulletin: Security Vulnerability in protobuf-java Affects the B2B API of IBM Sterling B2B Integrator (CVE-2024-7254)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability in protobuf-java Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by...
Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.72.jar and protobuf-java-3.22.0.jar which is vulnerable to CVE-2023-33201, CVE-2023-33202, CVE-2024, CVE-2024-7254
Summary Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.72.jar and protobuf-java-3.22.0.jar which is vulnerable to CVE-2023-33201, CVE-2023-33202, CVE-2024, CVE-2024-7254. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: Vulnerabilities in Protobuf-java affect IBM watsonx.data
Summary Protobuf-java core and lite are vulnerable to denial of service attacks which can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...
Security Bulletin: Vulnerabilities in Protobuf-java affect IBM watsonx.data
Summary Protobuf-java core and lite are vulnerable to denial of service attacks which can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...
build.buf:protovalidate (>=0.3.1 <=0.4.1), cn.loyom.boot:loyom-boot-cache (=1.0.0-JDK21) +113 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-java (>=4.28.0-RC1 <=4.28.1)
com.google.protobuf:protobuf-java MAVEN version =4.28.0-RC1, =0.3.1, =0.4.1 - cn.loyom.boot:loyom-boot-cache =1.0.0-JDK21 - cn.loyom.boot:loyom-boot-common =1.0.0-JDK21 - cn.loyom.boot:loyom-boot-jar-loader =1.0.0-JDK21 - cn.loyom.boot:loyom-boot-plugin =1.0.0-JDK21 -...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +33675 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-java (>=2.0.3 <=3.25.4)
com.google.protobuf:protobuf-java MAVEN version =2.0.3, =0.1.1, =0.1.1, =0.1.1, =1.4.6, =1.0.0, =0.0.23, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.2.8 and more Source cves: CVE-2024-7254 Source advisory: OSV:GHSA-735F-PC8J-V9W8...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.111.0 <=0.120.0), ai.ancf.lmos:arc-runner (>=0.111.0 <=0.120.0) +1038 more potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-java (>=4.0.0-rc-1 <=4.27.4)
com.google.protobuf:protobuf-java MAVEN version =4.0.0-rc-1, =0.111.0, =0.111.0, =0.6.5, =0.0.1-alpha24, =0.1.0-M22, =0.1.0-M22, =2.0.0, =2.1.4 - be.vlaanderen.informatievlaanderen.ldes.client:event-stream-properties-fetcher =2.12.0 - be.vlaanderen.informatievlaanderen.ldes.client:ldes-client...
protobuf-java has potential Denial of Service issue
Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team Affected versions: This issue affects all versions of both t...
PT-2024-6442
Name of the Vulnerable Software and Affected Versions protobuf-java versions prior to 3.25.5 Protocol Buffers versions prior to 4.28.2 Description The issue is related to insufficient input validation in the Protocol Buffers library, which can lead to a StackOverflow when parsing untrusted data...
Denial of Service of protobuf-java parsing procedure
...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java (CVE-2022-3509).
Summary IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite. They are most often used for defining communications protocols together with gRPC and for data storage. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite (CVE-2022-3171).
Summary Protobuf-java core and lite are used by IBM Event Streams. The protobuf-java core library provides comprehensive functionality for working with Protocol Buffers, including advanced parsing and serialization, while the protobuf-java-lite library offers a performance-optimized version for...
protobuf-java: timeout in parser leads to DoS
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted...
Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to a denial of service (CVE-2021-22569, CVE-2022-3171, CVE-2022-3509)
Summary A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java allows the interleaving of com.google.protobuf.UnknownFieldSet fields. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by...