157 matches found
Oracle Primavera Gateway (Jan 2023 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Google Protobuf-Java. Supported versions...
protobuf-java: Denial of Service
Background protobuf-java contains the Java bindings for Google's Protocol Buffers. Description Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back and forth between mutable and immutable forms, resulting in...
GLSA-202301-09 : protobuf-java: Denial of Service
The remote host is affected by the vulnerability described in GLSA-202301-09 protobuf-java: Denial of Service - A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple...
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.9 and earlier
Summary This fix upgrades to socket.io 4.5.4, protobuf-java 3.21.9 and nodejs 14.21.1. Vulnerability Details CVEID:CVE-2022-41940 DESCRIPTION: Socket.IO Engine.IO is vulnerable to a denial of service, caused by an uncaught exception flaw. By sending a specially-crafted HTTP request, a remote...
Security Bulletin: IBM MQ Blockchain bridge is vulnerable to a denial of service issue within protobuf-java core (CVE-2022-3171)
Summary An issue was identified within protobuf-java core, which is used by fabric gateway, which in turn is used by IBM MQ Blockchain bridge to provide IBM MQ Blockchain functionality. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial o...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty are vulnerable to denial of service due to Google protobuf-java
Summary There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulleti...
Denial Of Service (DoS)
protobuf-java is vulnerable to Denial Of Service DoS. A remote attacker can cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses, when the inputs contain multiple instances of non-repeated embedded messages with...
ai.grakn:grakn-dist (=0.17.0), ai.grakn:janus-factory (>=0.17.0 <=1.1.0) +10223 more potentially affected by CVE-2022-3509 via com.google.protobuf:protobuf-java (>=3.0.0 <=3.16.1)
com.google.protobuf:protobuf-java MAVEN version =3.0.0, =0.17.0, =1.1.0 - ai.konduit.serving:konduit-serving-api =0.3.0 - ai.konduit.serving:konduit-serving-build =0.3.0 - ai.konduit.serving:konduit-serving-cli =0.3.0 - ai.konduit.serving:konduit-serving-config-creator =0.3.0 -...
ai.bareun.tagger:bareun (>=1.0.0 <=1.4.1), ai.djl.serving:serving (=0.19.0) +3733 more potentially affected by CVE-2022-3509 via com.google.protobuf:protobuf-java (>=3.21.0 <=3.21.6)
com.google.protobuf:protobuf-java MAVEN version =3.21.0, =1.0.0, =3.42.0.2-1-3.4, =0.0.1, =22.3.2, =22.3.2, =22.3.2, =22.3.2, =1.0.0-beta01, =1.0.0-beta01, =1.0.0-beta06 - at.ac.ait.lablink.clients:universalapiclient =0.1.0 and more Source cves: CVE-2022-3509 Source advisory: OSV:GHSA-G5WW-5JH7-6...
ai.djl.spring:djl-spring-boot-starter-tensorflow-auto (>=0.15 <=0.18), ai.djl.tensorflow:tensorflow-api (>=0.15.0 <=0.18.0) +7127 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.17.0 <=3.19.5)
com.google.protobuf:protobuf-java MAVEN version =3.17.0, =0.15, =0.15.0, =0.15.0, =0.15.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.0.1, =2.8.4-alpha1, =3.0.1-alpha1 and more Source cves: CVE-2022-3510...
ai.tock:tock-nlp-dialogflow (=22.3.1), ai.tock:tock-nlp-model-stanford (=22.3.1) +1285 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.20.0 <=3.20.2)
com.google.protobuf:protobuf-java MAVEN version =3.20.0, =0.10.0, =3.0.0, =0.0.6, =0.0.6, =0.9.5, =2.0.0-alpha.0, =2023.0.0.0-RC1, =2023.0.0.0-RC1, =1.0.3, =1.0.3.AS2.RELEASE and more Source cves: CVE-2022-3510 Source advisory: OSV:GHSA-4GG5-VX3J-XWC7...
ai.bareun.tagger:bareun (>=1.0.0 <=1.4.1), ai.djl.serving:serving (=0.19.0) +3733 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.21.0 <=3.21.6)
com.google.protobuf:protobuf-java MAVEN version =3.21.0, =1.0.0, =3.42.0.2-1-3.4, =0.0.1, =22.3.2, =22.3.2, =22.3.2, =22.3.2, =1.0.0-beta01, =1.0.0-beta01, =1.0.0-beta06 - at.ac.ait.lablink.clients:universalapiclient =0.1.0 and more Source cves: CVE-2022-3510 Source advisory: OSV:GHSA-4GG5-VX3J-X...
ai.djl.spring:djl-spring-boot-starter-tensorflow-auto (>=0.15 <=0.18), ai.djl.tensorflow:tensorflow-api (>=0.15.0 <=0.18.0) +7127 more potentially affected by CVE-2022-3509 via com.google.protobuf:protobuf-java (>=3.17.0 <=3.19.5)
com.google.protobuf:protobuf-java MAVEN version =3.17.0, =0.15, =0.15.0, =0.15.0, =0.15.0, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.0.1, =2.8.4-alpha1, =3.0.1-alpha1 and more Source cves: CVE-2022-3509...
ai.grakn:grakn-dist (=0.17.0), ai.grakn:janus-factory (>=0.17.0 <=1.1.0) +10223 more potentially affected by CVE-2022-3510 via com.google.protobuf:protobuf-java (>=3.0.0 <=3.16.1)
com.google.protobuf:protobuf-java MAVEN version =3.0.0, =0.17.0, =1.1.0 - ai.konduit.serving:konduit-serving-api =0.3.0 - ai.konduit.serving:konduit-serving-build =0.3.0 - ai.konduit.serving:konduit-serving-cli =0.3.0 - ai.konduit.serving:konduit-serving-config-creator =0.3.0 -...
Protobuf Java vulnerable to Uncontrolled Resource Consumption
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...
ai.tock:tock-nlp-dialogflow (=22.3.1), ai.tock:tock-nlp-model-stanford (=22.3.1) +1285 more potentially affected by CVE-2022-3509 via com.google.protobuf:protobuf-java (>=3.20.0 <=3.20.2)
com.google.protobuf:protobuf-java MAVEN version =3.20.0, =0.10.0, =3.0.0, =0.0.6, =0.0.6, =0.9.5, =2.0.0-alpha.0, =2023.0.0.0-RC1, =2023.0.0.0-RC1, =1.0.3, =1.0.3.AS2.RELEASE and more Source cves: CVE-2022-3509 Source advisory: OSV:GHSA-G5WW-5JH7-63CX...
GHSA-4GG5-VX3J-XWC7 Protobuf Java vulnerable to Uncontrolled Resource Consumption
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...
Protobuf Java vulnerable to Uncontrolled Resource Consumption
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown...
CVE-2022-3509
A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes...