{"schema_version":"1.7.2","id":"OESA-2022-1694","modified":"2022-06-02T11:03:51Z","published":"2022-06-02T11:03:51Z","upstream":["CVE-2021-22569"],"summary":"protobuf security update","details":"Protocol Buffers (a.k.a., protobuf) are Google\u0026apos;s language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf\u0026apos;s documentation on the Google Developers site.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.(CVE-2021-22569)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS","name":"protobuf","purl":"pkg:rpm/openEuler/protobuf\u0026distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.14.0-4.oe2203"}]}],"ecosystem_specific":{"aarch64":["protobuf-debugsource-3.14.0-4.oe2203.aarch64.rpm","protobuf-3.14.0-4.oe2203.aarch64.rpm","protobuf-debuginfo-3.14.0-4.oe2203.aarch64.rpm","protobuf-lite-3.14.0-4.oe2203.aarch64.rpm","protobuf-devel-3.14.0-4.oe2203.aarch64.rpm","protobuf-compiler-3.14.0-4.oe2203.aarch64.rpm","protobuf-lite-devel-3.14.0-4.oe2203.aarch64.rpm"],"noarch":["protobuf-javadoc-3.14.0-4.oe2203.noarch.rpm","protobuf-bom-3.14.0-4.oe2203.noarch.rpm","protobuf-javalite-3.14.0-4.oe2203.noarch.rpm","protobuf-java-util-3.14.0-4.oe2203.noarch.rpm","protobuf-parent-3.14.0-4.oe2203.noarch.rpm","python3-protobuf-3.14.0-4.oe2203.noarch.rpm","protobuf-java-3.14.0-4.oe2203.noarch.rpm"],"src":["protobuf-3.14.0-4.oe2203.src.rpm"],"x86_64":["protobuf-lite-3.14.0-4.oe2203.x86_64.rpm","protobuf-debugsource-3.14.0-4.oe2203.x86_64.rpm","protobuf-lite-devel-3.14.0-4.oe2203.x86_64.rpm","protobuf-devel-3.14.0-4.oe2203.x86_64.rpm","protobuf-3.14.0-4.oe2203.x86_64.rpm","protobuf-compiler-3.14.0-4.oe2203.x86_64.rpm","protobuf-debuginfo-3.14.0-4.oe2203.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1694"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22569"}],"database_specific":{"severity":"Medium"}}