mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.9 KiB
1.9 KiB
CVE-2021-22569
Description
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
POC
Reference
- http://www.openwall.com/lists/oss-security/2022/01/12/4
- http://www.openwall.com/lists/oss-security/2022/01/12/7
- https://www.oracle.com/security-alerts/cpuapr2022.html
Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CodeIntelligenceTesting/jazzer
- https://github.com/Mario-Kart-Felix/A-potential-Denial-of-Service-issue-in-protobuf-java
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/TinkerBoard-Android/rockchip-android-external-jazzer-api
- https://github.com/WhooAmii/POC_to_review
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve