7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.6%
A potential Denial of Service issue in protobuf-java
core and lite was
discovered in the parsing procedure for binary and text format data.
Input streams containing multiple instances of non-repeated embedded
messages
with repeated or unknown fields causes objects to be converted back-n-forth
between mutable and immutable forms, resulting in potentially long garbage
collection pauses.
Reporter: OSS Fuzz
Affected versions: This issue affects both the Java full and lite Protobuf
runtimes, as well as Protobuf for Kotlin and JRuby, which themselves use the
Java Protobuf runtime.
CVE-2022-3171
Medium - CVSS Score: 5.7 (NOTE: there may be a delay in publication)
Please update to the latest available versions of the following packages: