CVE-2024-7254
- EPSS 0.08%
- Published 19.09.2024 01:15:10
- Last modified 26.09.2025 17:10:19
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknown...
CVE-2022-3171
- EPSS 0.08%
- Published 12.10.2022 23:15:09
- Last modified 21.11.2024 07:18:58
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknow...
CVE-2021-22569
- EPSS 0.33%
- Published 10.01.2022 14:10:16
- Last modified 21.11.2024 05:50:20
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of shor...