7.5
CVE-2021-22569
- EPSS 0.33%
- Published 10.01.2022 14:10:16
- Last modified 21.11.2024 05:50:20
- Source cve-coordination@google.com
- Teams watchlist Login
- Open Login
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
Data is provided by the National Vulnerability Database (NVD)
Google ≫ Google-protobuf SwPlatformruby Version < 3.19.2
Google ≫ Protobuf-java Version < 3.16.1
Google ≫ Protobuf-java Version >= 3.18.0 < 3.18.2
Google ≫ Protobuf-java Version >= 3.19.0 < 3.19.2
Google ≫ Protobuf-kotlin Version < 3.18.2
Google ≫ Protobuf-kotlin Version >= 3.19.0 < 3.19.2
Oracle ≫ Communications Cloud Native Core Console Version1.9.0
Oracle ≫ Communications Cloud Native Core Network Repository Function Version1.15.0
Oracle ≫ Communications Cloud Native Core Network Repository Function Version1.15.1
Oracle ≫ Communications Cloud Native Core Policy Version1.15.0
Oracle ≫ Spatial And Graph Mapviewer Version19c
Oracle ≫ Spatial And Graph Mapviewer Version21c
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.549 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
| cve-coordination@google.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-696 Incorrect Behavior Order
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.