Vulnerabilities > CVE-2022-3171

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

google

fedoraproject

NVD

Published: 2022-10-12

Updated: 2023-11-07

Summary

A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.

Vulnerable Configurations

Part	Description	Count
Application	Google Google Protobuf Java 2.0.1 Google Protobuf Java 2.0.3 Google Protobuf Java 2.1.0 Google Protobuf Java 2.2.0 Google Protobuf Java 2.3.0 Google Protobuf Java 2.4.0A Google Protobuf Java 2.4.1 Google Protobuf Java 2.5.0 Google Protobuf Java 2.6.0 Google Protobuf Java 2.6.1 Google Protobuf Java 3.0.0 Google Protobuf Java 3.0.2 Google Protobuf Java 3.1.0 Google Protobuf Java 3.2.0 Google Protobuf Java 3.3.0 Google Protobuf Java 3.3.1 Google Protobuf Java 3.4.0 Google Protobuf Java 3.5.0 Google Protobuf Java 3.5.1 Google Protobuf Java 3.6.0 Google Protobuf Java 3.6.1 Google Protobuf Java 3.7.0 Google Protobuf Java 3.7.1 Google Protobuf Java 3.8.0 Google Protobuf Java 3.9.0 Google Protobuf Java 3.9.1 Google Protobuf Java 3.9.2 Google Protobuf Java 3.10.0 Google Protobuf Java 3.11.0 Google Protobuf Java 3.11.1 Google Protobuf Java 3.11.3 Google Protobuf Java 3.11.4 Google Protobuf Java 3.12.0 Google Protobuf Java 3.12.1 Google Protobuf Java 3.12.2 Google Protobuf Java 3.12.4 Google Protobuf Java 3.13.0 Google Protobuf Java 3.14.0 Google Protobuf Java 3.15.0 Google Protobuf Java 3.15.1 Google Protobuf Java 3.15.2 Google Protobuf Java 3.15.3 Google Protobuf Java 3.15.4 Google Protobuf Java 3.15.5 Google Protobuf Java 3.15.6 Google Protobuf Java 3.15.7 Google Protobuf Java 3.15.8 Google Protobuf Java 3.16.0 Google Protobuf Java 3.16.1 Google Protobuf Java 3.21.0 Google Protobuf Java 3.21.1 Google Protobuf Java 3.21.2 Google Protobuf Java 3.21.3 Google Protobuf Java 3.21.4 Google Protobuf Java 3.21.5 Google Protobuf Java 3.21.6 Google Protobuf Java 3.20.0 Google Protobuf Java 3.20.1 Google Protobuf Java 3.20.2 Google Protobuf Java 3.17.0 Google Protobuf Java 3.17.1 Google Protobuf Java 3.17.2 Google Protobuf Java 3.17.3 Google Protobuf Java 3.18.0 Google Protobuf Java 3.18.1 Google Protobuf Java 3.18.2 Google Protobuf Java 3.18.3 Google Protobuf Java 3.19.0 Google Protobuf Java 3.19.1 Google Protobuf Java 3.19.2 Google Protobuf Java 3.19.3 Google Protobuf Java 3.19.4 Google Protobuf Java 3.19.5 Google Protobuf Kotlin Lite 3.17.0 Google Protobuf Kotlin Lite 3.20.0 Google Protobuf Kotlin Lite 3.21.0 Google Protobuf Kotlin Lite * Google Protobuf Kotlin * Google Protobuf Kotlin 3.21.0 Google Protobuf Kotlin 3.20.0 Google Protobuf Kotlin 3.17.0 Google Protobuf Javalite 3.17.0 Google Protobuf Javalite 3.20.0 Google Protobuf Javalite 3.21.0 Google Protobuf Javalite * Google Google Protobuf 3.21.0 Google Google Protobuf 3.20.0 Google Google Protobuf 3.17.0 Google Google Protobuf *	127
OS	Fedoraproject Fedoraproject Fedora 37	1

Vulnerabilities > CVE-2022-3171 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-3171"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-3171