3 matches found
protobuf-java: timeout in parser leads to DoS
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
CVE-2022-3171 Memory handling vulnerability in ProtocolBuffers Java core and lite
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted...
PT-2021-7857 · Google +5 · Protobuf-Java +5
Name of the Vulnerable Software and Affected Versions: protobuf-java affected versions not specified Description: The issue is related to the incorrect order of actions in the Protobuf data serialization protocol analysis component. This allows a remote attacker to cause a denial of service. A...