Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3171)
Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...
Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server Liberty shipped with Cloud Pak System (CVE-2022-3509, CVE-2022-3171)
Summary Vulnerabilities have been identified in WebSphere Application Server Liberty pattern pType shipped with Cloud Pak System. IBM Cloud Pak System ships with optional Single Sign-On SSO feature. Information about security vulnerabilities affecting IBM WebSphere Application Server Liberty hav...
Updated protobuf packages fix security vulnerability
A parsing vulnerability for the MessageSet type in the ProtocolBuffers for protobuf-python can lead to out-of-memory failures, which can lead to a denial of service against services receiving unsanitized input. CVE-2022-1941 A parsing issue with binary data in protobuf-java core and lite can lead to a denial of...
USN-5945-1 protobuf vulnerabilities
It was discovered that Protocol Buffers did not properly validate field com.google.protobuf.UnknownFieldSet in protobuf-java. An attacker could possibly use this issue to perform a denial of service attack. This issue only affected protobuf Ubuntu 22.04 LTS and Ubuntu 22.10. CVE-2021-22569 It was...
protobuf-java: timeout in parser leads to DoS
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
Security Bulletin: IBM MQ Blockchain bridge is vulnerable to multiple issues within protobuf-java-core (CVE-2022-3510, CVE-2022-3509)
Summary Multiple issues were identified within protobuf-java-core which is used by fabric gateway which is used by IBM MQ Blockchain bridge to provide Blockchain functionality to IBM MQ. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...
Security Bulletin: CVE-2022-3509 and CVE-2022-3171 may affect IBM TXSeries for Multiplatforms
Summary WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java. This affects IBM WebSphere Liberty used by IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-3509...
Security Bulletin: CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Standard
Summary WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java. This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-ja...
SUSE CVE-2021-22569
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated...
SUSE CVE-2022-3171
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
SUSE CVE-2022-3510
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...
SUSE CVE-2022-3509
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...
Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty vulnerable to protobuf-java core and lite are vulnerable to a denial of service. (CVE-2022-3509)
Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty vulnerable to protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for textformat data. By sending non-repeated embedded messages with repeated or...
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to HTTP header injection and affected by denial of services due to multiple vulnerabilities.
Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to an HTTP header injection caused by improper validation, and affected by a denial of service in GraphQL Java, a denial of service in CyberNeko HTML, and a denial of service in protobuf-java as described in the vulnerabilit...
Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service due to protobuf-java core and lite
Summary protobuf-java is used by some components of IBM Cloud Pak for Multicloud Management and it is vulnerable to a denial of service. CVE-2022-3509, CVE-2022-3171, CVE-2022-3510 Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of...
Security Bulletin: IBM Workload Scheduler potentially affected by parsing issue with binary data in protobuf-java core (CVE-2022-3171)
Summary A parsing issue with binary data in protobuf-java core can lead to a denial of service attack and potentially affects IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-35255, CVE-2022-35256. Node-tar is a full function tar library for node.js CVE-2018-20834. Swagger UI is used to visualize and interact wit...
Security Bulletin: Vulnerabilities in the protobuf-java may affect IBM Robotic Process Automation and could result in a denial of service (CVE-2022-3171, CVE-2022-3509)
Summary There is a vulnerability in protobuf-java used by IBM WebSphere Liberty which may result in a denial of service. IBM Robotic Process Automation for Cloud Pak uses IBM WebSphere Liberty as part of its User Management Services. This bulletin identifies the security fixes to apply to addres...
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java (CVE-2022-3509, CVE-2022-3171)
Summary There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin:...
FreeBSD : MySQL -- Multiple vulnerabilities (dc49f6dc-99d2-11ed-86e9-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the dc49f6dc-99d2-11ed-86e9-d4c9ef517024 advisory. - A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and...