CVE-2021-22569, GHSA-wrvw-hg22-4m67, GMS-2022-6
maven/com.google.protobuf/protobuf-kotlin
Denial Of Service
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
All versions before 3.18.2, all versions starting from 3.19.0 before 3.19.2
Upgrade to versions 3.18.2, 3.19.2 or above.
2022-01-19