CVE-2021-22569

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22569
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22569.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22569
Aliases
Downstream
Related
Published
2022-01-10T14:10:16.747Z
Modified
2026-02-13T08:43:29.142558Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

References

Affected packages

Git / github.com/protocolbuffers/protobuf

Affected ranges

Type
GIT
Repo
https://github.com/protocolbuffers/protobuf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cb46755e6405e083b45481f5ea4754b180705529
Introduced
17b30e96476be70b8773b2b807bab857fd3ceb39
Fixed
cb46755e6405e083b45481f5ea4754b180705529
Introduced
89b14b1d16eba4d44af43256fc45b24a6a348557
Fixed
6c6b0778b70f35f93c2f0dee30e5d12ad2a83eea

Affected versions

v3.*
v3.18.0
v3.18.1
v3.19.0
v3.19.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22569.json"