One Article Review
| Source |  Vuln GCP |
|---|---|
| Identifiant | 8296100 |
| Date de publication | 2022-12-21 17:12:56 (vue: 2022-12-30 21:12:37) |
| Titre | GCP-2022-001 |
| Texte | Published:Description Description Severity Notes A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. What should I do? Ensure that you're using the latest versions of the following software packages: protobuf-java (3.16.1, 3.18.2, 3.19.2) protobuf-kotlin (3.18.2, 3.19.2) google-protobuf [JRuby gem] (3.19.2) Protobuf "javalite" users (typically Android) are not affected. What vulnerabilities are addressed by this patch? The patch mitigates the following vulnerability: An implementation weakness in how unknown fields are parsed in Java. A small (~800 KB) malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated garbage collection pauses. High CVE-2021-22569 |
| Envoyé | Oui |
| Condensat | 001 2021 2022 22569 addressed affected android are binary can cause collection creating cve data denial description discovered ensure fields following for frequent garbage gcp gem google high how implementation issue java javalite jruby kotlin large latest lived malicious minutes mitigates not notes numbers objects occupy packages: parsed parser parsing patch pauses payload potential procedure protobuf published:description repeated service several severity short should small software that the this typically unknown users using versions vulnerabilities vulnerability: was weakness what you ~800 |
| Tags | |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.