DEBIAN-CVE-2022-3510
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-3510
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-3510.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-3510
- Upstream
- Published
- 2022-12-12T13:15:14Z
- Modified
- 2025-09-25T07:41:19.596137Z
- Summary
- [none]
- Details
-
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
- References
Affected packages
Debian:11 / protobuf
Package
- Name
- protobuf
- Purl
- pkg:deb/debian/protobuf?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.12.4-1
3.12.4-1+deb11u1
3.14.0-1
3.17.1-1
3.17.2-1
3.17.3-1
3.17.3-2
3.18.0~rc1-1
3.18.0~rc2-1
3.18.0-1
3.18.1-1
3.19.0-1
3.19.1-1
3.19.3-1
3.19.4-1
3.20.0~rc1-1
3.20.0~rc2-1
3.20.0-1
3.20.1~rc1-1
3.20.1-1
3.20.2-1
3.21.6-1
3.21.7-1
3.21.8-1
3.21.9-1
3.21.9-2
3.21.9-3
3.21.9-4
3.21.9-5
3.21.10-1
3.21.11-1
3.21.12-1
3.21.12-2
3.21.12-2+exp1
3.21.12-3
3.21.12-4
3.21.12-5
3.21.12-6
3.21.12-7
3.21.12-8
3.21.12-8.1
3.21.12-8.2
3.21.12-9
3.21.12-10
3.21.12-11
3.21.12-12
3.21.12-13
3.25.1-1
3.25.2-1
3.25.3-1
3.25.4-1
4.*
4.0.0~rc1-1
4.0.0~rc2-1
Debian:12 / protobuf
Package
- Name
- protobuf
- Purl
- pkg:deb/debian/protobuf?arch=source
Debian:13 / protobuf
Package
- Name
- protobuf
- Purl
- pkg:deb/debian/protobuf?arch=source
Debian:14 / protobuf
Package
- Name
- protobuf
- Purl
- pkg:deb/debian/protobuf?arch=source