CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22569

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 4.3

References

Products affected by CVE-2021-22569

Google » Google-Protobuf » Version: 3.16.3

cpe:2.3:a:google:google-protobuf:3.16.3
Google » Google-Protobuf » Version: 3.17.0

cpe:2.3:a:google:google-protobuf:3.17.0
Google » Protobuf-Java » Version: 2.0.1

cpe:2.3:a:google:protobuf-java:2.0.1
Google » Protobuf-Java » Version: 2.0.3

cpe:2.3:a:google:protobuf-java:2.0.3
Google » Protobuf-Java » Version: 2.1.0

cpe:2.3:a:google:protobuf-java:2.1.0
Google » Protobuf-Java » Version: 2.2.0

cpe:2.3:a:google:protobuf-java:2.2.0
Google » Protobuf-Java » Version: 2.3.0

cpe:2.3:a:google:protobuf-java:2.3.0
Google » Protobuf-Java » Version: 2.4.0a

cpe:2.3:a:google:protobuf-java:2.4.0a
Google » Protobuf-Java » Version: 2.4.1

cpe:2.3:a:google:protobuf-java:2.4.1
Google » Protobuf-Java » Version: 2.5.0

cpe:2.3:a:google:protobuf-java:2.5.0
Google » Protobuf-Java » Version: 2.6.0

cpe:2.3:a:google:protobuf-java:2.6.0
Google » Protobuf-Java » Version: 2.6.1

cpe:2.3:a:google:protobuf-java:2.6.1
Google » Protobuf-Java » Version: 3.0.0

cpe:2.3:a:google:protobuf-java:3.0.0
Google » Protobuf-Java » Version: 3.0.2

cpe:2.3:a:google:protobuf-java:3.0.2
Google » Protobuf-Java » Version: 3.1.0

cpe:2.3:a:google:protobuf-java:3.1.0
Google » Protobuf-Java » Version: 3.10.0

cpe:2.3:a:google:protobuf-java:3.10.0
Google » Protobuf-Java » Version: 3.11.0

cpe:2.3:a:google:protobuf-java:3.11.0
Google » Protobuf-Java » Version: 3.11.1

cpe:2.3:a:google:protobuf-java:3.11.1
Google » Protobuf-Java » Version: 3.11.3

cpe:2.3:a:google:protobuf-java:3.11.3
Google » Protobuf-Java » Version: 3.11.4

cpe:2.3:a:google:protobuf-java:3.11.4
Google » Protobuf-Java » Version: 3.12.0

cpe:2.3:a:google:protobuf-java:3.12.0
Google » Protobuf-Java » Version: 3.12.1

cpe:2.3:a:google:protobuf-java:3.12.1
Google » Protobuf-Java » Version: 3.12.2

cpe:2.3:a:google:protobuf-java:3.12.2
Google » Protobuf-Java » Version: 3.12.4

cpe:2.3:a:google:protobuf-java:3.12.4
Google » Protobuf-Java » Version: 3.13.0

cpe:2.3:a:google:protobuf-java:3.13.0
Google » Protobuf-Java » Version: 3.14.0

cpe:2.3:a:google:protobuf-java:3.14.0
Google » Protobuf-Java » Version: 3.15.0

cpe:2.3:a:google:protobuf-java:3.15.0
Google » Protobuf-Java » Version: 3.15.1

cpe:2.3:a:google:protobuf-java:3.15.1
Google » Protobuf-Java » Version: 3.15.2

cpe:2.3:a:google:protobuf-java:3.15.2
Google » Protobuf-Java » Version: 3.15.3

cpe:2.3:a:google:protobuf-java:3.15.3
Google » Protobuf-Java » Version: 3.15.4

cpe:2.3:a:google:protobuf-java:3.15.4
Google » Protobuf-Java » Version: 3.15.5

cpe:2.3:a:google:protobuf-java:3.15.5
Google » Protobuf-Java » Version: 3.15.6

cpe:2.3:a:google:protobuf-java:3.15.6
Google » Protobuf-Java » Version: 3.15.7

cpe:2.3:a:google:protobuf-java:3.15.7
Google » Protobuf-Java » Version: 3.15.8

cpe:2.3:a:google:protobuf-java:3.15.8
Google » Protobuf-Java » Version: 3.16.0

cpe:2.3:a:google:protobuf-java:3.16.0
Google » Protobuf-Java » Version: 3.18.0

cpe:2.3:a:google:protobuf-java:3.18.0
Google » Protobuf-Java » Version: 3.18.1

cpe:2.3:a:google:protobuf-java:3.18.1
Google » Protobuf-Java » Version: 3.19.0

cpe:2.3:a:google:protobuf-java:3.19.0
Google » Protobuf-Java » Version: 3.19.1

cpe:2.3:a:google:protobuf-java:3.19.1
Google » Protobuf-Java » Version: 3.2.0

cpe:2.3:a:google:protobuf-java:3.2.0
Google » Protobuf-Java » Version: 3.3.0

cpe:2.3:a:google:protobuf-java:3.3.0
Google » Protobuf-Java » Version: 3.3.1

cpe:2.3:a:google:protobuf-java:3.3.1
Google » Protobuf-Java » Version: 3.4.0

cpe:2.3:a:google:protobuf-java:3.4.0
Google » Protobuf-Java » Version: 3.5.0

cpe:2.3:a:google:protobuf-java:3.5.0
Google » Protobuf-Java » Version: 3.5.1

cpe:2.3:a:google:protobuf-java:3.5.1
Google » Protobuf-Java » Version: 3.6.0

cpe:2.3:a:google:protobuf-java:3.6.0
Google » Protobuf-Java » Version: 3.6.1

cpe:2.3:a:google:protobuf-java:3.6.1
Google » Protobuf-Java » Version: 3.7.0

cpe:2.3:a:google:protobuf-java:3.7.0
Google » Protobuf-Java » Version: 3.7.1

cpe:2.3:a:google:protobuf-java:3.7.1
Google » Protobuf-Java » Version: 3.8.0

cpe:2.3:a:google:protobuf-java:3.8.0
Google » Protobuf-Java » Version: 3.9.0

cpe:2.3:a:google:protobuf-java:3.9.0
Google » Protobuf-Java » Version: 3.9.1

cpe:2.3:a:google:protobuf-java:3.9.1
Google » Protobuf-Java » Version: 3.9.2

cpe:2.3:a:google:protobuf-java:3.9.2
Google » Protobuf-Kotlin » Version: Any

cpe:2.3:a:google:protobuf-kotlin:*
Google » Protobuf-Kotlin » Version: 3.16.3

cpe:2.3:a:google:protobuf-kotlin:3.16.3
Google » Protobuf-Kotlin » Version: 3.17.0

cpe:2.3:a:google:protobuf-kotlin:3.17.0
Oracle » Communications Cloud Native Core Console » Version: 1.9.0

cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0
Oracle » Communications Cloud Native Core Network Repository Function » Version: 1.15.0

cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0
Oracle » Communications Cloud Native Core Network Repository Function » Version: 1.15.1

cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1
Oracle » Communications Cloud Native Core Policy » Version: 1.15.0

cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0
Oracle » Spatial And Graph Mapviewer » Version: 19c

cpe:2.3:a:oracle:spatial_and_graph_mapviewer:19c
Oracle » Spatial And Graph Mapviewer » Version: 21c

cpe:2.3:a:oracle:spatial_and_graph_mapviewer:21c

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-22569

Products

Pricing

Contact Us