CVE-2021-22569

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:google-protobuf:*:*:*:*:*:ruby:*:*
cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*
cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*
cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*
cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*
cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:19c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:spatial_and_graph_mapviewer:21c:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-01-10 14:10

Updated : 2024-02-28 18:48


NVD link : CVE-2021-22569

Mitre link : CVE-2021-22569

CVE.ORG link : CVE-2021-22569


JSON object : View

Products Affected

oracle

  • communications_cloud_native_core_network_repository_function
  • communications_cloud_native_core_policy
  • communications_cloud_native_core_console
  • spatial_and_graph_mapviewer

google

  • protobuf-kotlin
  • google-protobuf
  • protobuf-java
CWE
NVD-CWE-noinfo CWE-696

Incorrect Behavior Order