CVE-2021-22569 PUBLISHED

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.

EPSS 0.47% · 65.0th percentile

Affected Products

Vendor                Product    Versions
Ubuntu:22.04:LTS      protobuf   0, 3.12.4-1ubuntu3, 3.12.4-1ubuntu5
Ubuntu:20.04:LTS      protobuf   3.6.1.3-2ubuntu5, 0, 3.6.1.3-2
Ubuntu:Pro:14.04:LTS  protobuf   2.4.1-3ubuntu3, 2.4.1-3ubuntu4, 2.5.0-5ubuntu2
Ubuntu:Pro:16.04:LTS  protobuf   2.6.1-1.3, 2.6.1-1.3ubuntu0.1~esm1, 2.6.1-1.3ubuntu0.1~esm4
Ubuntu:18.04:LTS      protobuf   3.0.0-9.1ubuntu1, 0, 3.0.0-9ubuntu5

Exploit Intelligence

…and 1 more exploits

Timeline

  • CVE Published
  • Jan 7, 2022 EPSS Score
  • Jan 15, 2022 EPSS Score
  • Mar 2, 2022 EPSS Score
  • Apr 24, 2022 EPSS Score
  • Jun 17, 2022 EPSS Score
  • Oct 3, 2022 EPSS Score
  • Nov 25, 2022 EPSS Score
  • Jan 18, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 5, 2023 EPSS Score
  • Jun 28, 2023 EPSS Score