An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 21 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Google

Published:

Updated: 2025-04-21T13:57:08.444Z

Reserved: 2021-01-05T00:00:00.000Z

Link: CVE-2021-22569

cve-icon Vulnrichment

Updated: 2024-08-03T18:44:14.144Z

cve-icon NVD

Status : Modified

Published: 2022-01-10T14:10:16.747

Modified: 2024-11-21T05:50:20.647

Link: CVE-2021-22569

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-01-06T00:00:00Z

Links: CVE-2021-22569 - Bugzilla

cve-icon OpenCVE Enrichment

No data.