Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Google-protobuf
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3171 2 Fedoraproject, Google 6 Fedora, Google-protobuf, Protobuf-java and 3 more 2024-02-28 N/A 7.5 HIGH
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
CVE-2021-22569 2 Google, Oracle 7 Google-protobuf, Protobuf-java, Protobuf-kotlin and 4 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.