CVE-2022-3510
Published on: Not Yet Published
Last Modified on: 12/15/2022 04:52:00 PM UTC
Certain versions of Protobuf-java from Google contain the following vulnerability:
A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
- CVE-2022-3510 has been assigned by
secu[email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software:
Google - ProtocolBuffers version = 3.21.0
- Affected Vendor/Software:
Google - ProtocolBuffers version = 3.20.0
- Affected Vendor/Software:
Google - ProtocolBuffers version = 3.19.0
- Affected Vendor/Software:
Google - ProtocolBuffers version = 3.16.0
CVSS3 Score: 7.5 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | NONE | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Sync from Piper @mkruskal/footmitten · protocolbuffers/protobuf@db7c178 · GitHub | github.com text/html |
![]() |
Related QID Numbers
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Protobuf-java | All | All | All | All | |
Application | Protobuf-javalite | All | All | All | All |
- cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*:
- cpe:2.3:a:google:protobuf-javalite:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2022-3510 : A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core an… twitter.com/i/web/status/1… | 2022-12-12 13:07:14 |