CVE-2021-22569
Description
An issue in protobuf-java allowed com.google.protobuf.UnknownFieldSet fields to be interleaved in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
Risk Information
Base Score: 5.5 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.329
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2021-22569 are fixed in Ruby-google-protobuf 3.19.2 | Windows |
| Vulnerabilities CVE-2021-22569 are fixed in Google-protobuf-java 3.16.1 | Windows |
| Vulnerabilities CVE-2021-22569 are fixed in Google-protobuf-java 3.18.2 | Windows |
| Vulnerabilities CVE-2021-22569 are fixed in Google-protobuf-java 3.19.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Vulnerabilities CVE-2021-22569 are fixed in Google Protobuf - protobuf-kotlin 3.18.2 | Windows |
| Vulnerabilities CVE-2021-22569 are fixed in Google Protobuf - protobuf-kotlin 3.19.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.8.0 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.20 | Windows |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc10_3.0.0-9.1ubuntu1.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc10_3.0.0-9.1ubuntu1.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc17_3.6.1.3-2ubuntu5.2_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc17_3.6.1.3-2ubuntu5.2_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc23_3.12.4-1ubuntu7.22.04.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc23_3.12.4-1ubuntu7.22.04.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc23_3.12.4-1ubuntu7.22.10.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc23_3.12.4-1ubuntu7.22.10.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf10_3.0.0-9.1ubuntu1.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf10_3.0.0-9.1ubuntu1.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf23_3.12.4-1ubuntu7.22.04.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf23_3.12.4-1ubuntu7.22.04.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf23_3.12.4-1ubuntu7.22.10.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf23_3.12.4-1ubuntu7.22.10.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc-dev_3.6.1.3-2ubuntu5.2_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotoc-dev_3.6.1.3-2ubuntu5.2_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python-protobuf_3.0.0-9.1ubuntu1.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python-protobuf_3.0.0-9.1ubuntu1.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python-protobuf_3.6.1.3-2ubuntu5.2_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python-protobuf_3.6.1.3-2ubuntu5.2_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-java_3.12.4-1ubuntu7.22.04.1_all.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-java_3.12.4-1ubuntu7.22.10.1_all.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python3-protobuf_3.0.0-9.1ubuntu1.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python3-protobuf_3.0.0-9.1ubuntu1.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python3-protobuf_3.6.1.3-2ubuntu5.2_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python3-protobuf_3.6.1.3-2ubuntu5.2_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python3-protobuf_3.12.4-1ubuntu7.22.04.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python3-protobuf_3.12.4-1ubuntu7.22.04.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python3-protobuf_3.12.4-1ubuntu7.22.10.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) python3-protobuf_3.12.4-1ubuntu7.22.10.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) protobuf-compiler_3.0.0-9.1ubuntu1.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) protobuf-compiler_3.0.0-9.1ubuntu1.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) protobuf-compiler_3.6.1.3-2ubuntu5.2_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) protobuf-compiler_3.6.1.3-2ubuntu5.2_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) protobuf-compiler_3.12.4-1ubuntu7.22.04.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) protobuf-compiler_3.12.4-1ubuntu7.22.04.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) protobuf-compiler_3.12.4-1ubuntu7.22.10.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) protobuf-compiler_3.12.4-1ubuntu7.22.10.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-lite10_3.0.0-9.1ubuntu1.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-lite10_3.0.0-9.1ubuntu1.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-lite17_3.6.1.3-2ubuntu5.2_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-lite17_3.6.1.3-2ubuntu5.2_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-lite23_3.12.4-1ubuntu7.22.04.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-lite23_3.12.4-1ubuntu7.22.04.1_amd64.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-lite23_3.12.4-1ubuntu7.22.10.1_i386.deb | Linux |
| protocol buffers C++ library (development files) (USN-5945-1) libprotobuf-lite23_3.12.4-1ubuntu7.22.10.1_amd64.deb | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python-zope.interface-debugsource-4.4.2-150000.3.4.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-aiocontextvars-0.2.2-150100.3.3.3.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-websockets-9.1-150100.3.3.3.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-zope.interface-4.4.2-150000.3.4.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) azure-cli-core-2.17.1-150100.6.18.1.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-avro-1.11.0-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-constantly-15.1.0-150000.3.4.1.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-cryptography-vectors-3.3.2-150100.3.11.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-Deprecated-1.2.13-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-humanfriendly-10.0-150100.6.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-hyperlink-17.2.1-150000.3.4.1.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-knack-0.9.0-150100.3.7.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-0.8.0-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-context-0.1.2-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-ext-threading-0.1.2-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opentelemetry-api-1.5.0-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-PyGithub-1.43.5-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Basesystem Module 15-SP4 ) python3-websocket-client-1.3.2-150100.6.7.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-aiocontextvars-0.2.2-150100.3.3.3.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-websockets-9.1-150100.3.3.3.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) azure-cli-core-2.17.1-150100.6.18.1.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-avro-1.11.0-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-Deprecated-1.2.13-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-humanfriendly-10.0-150100.6.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-knack-0.9.0-150100.3.7.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-0.8.0-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-context-0.1.2-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-ext-threading-0.1.2-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opentelemetry-api-1.5.0-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-PyGithub-1.43.5-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python-zope.interface-debugsource-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-zope.interface-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) azure-cli-core-2.17.1-150100.6.18.1.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-constantly-15.1.0-150000.3.4.1.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-humanfriendly-10.0-150100.6.3.3.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-hyperlink-17.2.1-150000.3.4.1.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-knack-0.9.0-150100.3.7.3.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Basesystem Module 15-SP5 ) python3-websocket-client-1.3.2-150100.6.7.3.noarch_15_SP5.rpm | Linux |
| Vulnerabilities CVE-2021-22569 are fixed in Ruby-google-protobuf for Linux 3.19.2 | Linux |
| Vulnerabilities CVE-2021-22569 are fixed in Google-protobuf-java for Linux 3.16.1 | Linux |
| Vulnerabilities CVE-2021-22569 are fixed in Google-protobuf-java for Linux 3.18.2 | Linux |
| Vulnerabilities CVE-2021-22569 are fixed in Google-protobuf-java for Linux 3.19.2 | Linux |
| Vulnerabilities CVE-2021-22569 are fixed in Google Protobuf - protobuf-kotlin for Linux 3.18.2 | Linux |
| Vulnerabilities CVE-2021-22569 are fixed in Google Protobuf - protobuf-kotlin for Linux 3.19.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234