Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.google.protobuf/protobuf-java@2.5.0
Typemaven
Namespacecom.google.protobuf
Nameprotobuf-java
Version2.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.25.5
Latest_non_vulnerable_version4.28.2
Affected_by_vulnerabilities
0
url VCID-evzn-t2as-qfbn
vulnerability_id VCID-evzn-t2as-qfbn
summary 
protobuf-java has potential Denial of Service issue
### Summary
When parsing unknown fields in the Protobuf Java Lite and Full library,
a maliciously crafted message can cause a StackOverflow error and lead
to a program crash.

Reporter: Alexis Challande, Trail of Bits Ecosystem Security
Team <ecosystem@trailofbits.com>

Affected versions: This issue affects all versions of both the Java
full and lite Protobuf runtimes, as well as Protobuf for Kotlin and
JRuby, which themselves use the Java Protobuf runtime.

### Severity
[CVE-2024-7254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254)
**High** CVSS4.0 Score 8.7 (NOTE: there may be a delay in publication)

This is a potential Denial of Service. Parsing nested groups as unknown
fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser,
or against Protobuf map fields, creates unbounded recursions that can
be abused by an attacker.

### Proof of Concept
For reproduction details, please refer to the unit tests (Protobuf Java
[LiteTest](https://github.com/protocolbuffers/protobuf/blob/a037f28ff81ee45ebe008c64ab632bf5372242ce/java/lite/src/test/java/com/google/protobuf/LiteTest.java)
and [CodedInputStreamTest](https://github.com/protocolbuffers/protobuf/blob/a037f28ff81ee45ebe008c64ab632bf5372242ce/java/core/src/test/java/com/google/protobuf/CodedInputStreamTest.java))
that identify the specific inputs that exercise this parsing weakness.

### Remediation and Mitigation
We have been working diligently to address this issue and have released
a mitigation that is available now. Please update to the latest
available versions of the following packages:

* protobuf-java (3.25.5, 4.27.5, 4.28.2)
* protobuf-javalite (3.25.5, 4.27.5, 4.28.2)
* protobuf-kotlin (3.25.5, 4.27.5, 4.28.2)
* protobuf-kotlin-lite (3.25.5, 4.27.5, 4.28.2)
* com-protobuf [JRuby gem only] (3.25.5, 4.27.5, 4.28.2)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7254.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7254.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-7254
reference_id
reference_type
scores
0
value 0.00134
scoring_system epss
scoring_elements 0.33044
published_at 2026-06-07T12:55:00Z
1
value 0.00134
scoring_system epss
scoring_elements 0.33081
published_at 2026-06-06T12:55:00Z
2
value 0.00134
scoring_system epss
scoring_elements 0.33068
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-7254
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7254
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/protocolbuffers/protobuf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf
5
reference_url https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b
6
reference_url https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b
7
reference_url https://github.com/protocolbuffers/protobuf/commit/9a5f5fe752a20cbac2e722b06949ac985abdd534
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/commit/9a5f5fe752a20cbac2e722b06949ac985abdd534
8
reference_url https://github.com/protocolbuffers/protobuf/commit/ac9fb5b4c71b0dd80985b27684e265d1f03abf46
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/commit/ac9fb5b4c71b0dd80985b27684e265d1f03abf46
9
reference_url https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:29:43Z/
url https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa
10
reference_url https://github.com/protocolbuffers/protobuf/commit/d6c82fc55a76481c676f541a255571e8950bb8c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/commit/d6c82fc55a76481c676f541a255571e8950bb8c3
11
reference_url https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8
12
reference_url https://security.netapp.com/advisory/ntap-20241213-0010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241213-0010
13
reference_url https://security.netapp.com/advisory/ntap-20250418-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250418-0006
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082381
reference_id 1082381
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082381
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2313454
reference_id 2313454
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2313454
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-7254
reference_id CVE-2024-7254
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-7254
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google-protobuf/CVE-2024-7254.yml
reference_id CVE-2024-7254.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google-protobuf/CVE-2024-7254.yml
18
reference_url https://github.com/advisories/GHSA-735f-pc8j-v9w8
reference_id GHSA-735f-pc8j-v9w8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-735f-pc8j-v9w8
19
reference_url https://access.redhat.com/errata/RHSA-2024:10700
reference_id RHSA-2024:10700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10700
20
reference_url https://access.redhat.com/errata/RHSA-2024:11255
reference_id RHSA-2024:11255
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11255
21
reference_url https://access.redhat.com/errata/RHSA-2024:11256
reference_id RHSA-2024:11256
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11256
22
reference_url https://access.redhat.com/errata/RHSA-2024:7670
reference_id RHSA-2024:7670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7670
23
reference_url https://access.redhat.com/errata/RHSA-2024:7676
reference_id RHSA-2024:7676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7676
24
reference_url https://access.redhat.com/errata/RHSA-2024:7972
reference_id RHSA-2024:7972
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7972
25
reference_url https://access.redhat.com/errata/RHSA-2024:8064
reference_id RHSA-2024:8064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8064
26
reference_url https://access.redhat.com/errata/RHSA-2025:20052
reference_id RHSA-2025:20052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20052
27
reference_url https://access.redhat.com/errata/RHSA-2025:20057
reference_id RHSA-2025:20057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:20057
28
reference_url https://usn.ubuntu.com/7435-1/
reference_id USN-7435-1
reference_type
scores
url https://usn.ubuntu.com/7435-1/
29
reference_url https://usn.ubuntu.com/7629-1/
reference_id USN-7629-1
reference_type
scores
url https://usn.ubuntu.com/7629-1/
30
reference_url https://usn.ubuntu.com/7629-2/
reference_id USN-7629-2
reference_type
scores
url https://usn.ubuntu.com/7629-2/
fixed_packages
0
url pkg:maven/com.google.protobuf/protobuf-java@3.25.5
purl pkg:maven/com.google.protobuf/protobuf-java@3.25.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.25.5
1
url pkg:maven/com.google.protobuf/protobuf-java@4.27.5
purl pkg:maven/com.google.protobuf/protobuf-java@4.27.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@4.27.5
2
url pkg:maven/com.google.protobuf/protobuf-java@4.28.2
purl pkg:maven/com.google.protobuf/protobuf-java@4.28.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@4.28.2
aliases CVE-2024-7254, GHSA-735f-pc8j-v9w8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evzn-t2as-qfbn
1
url VCID-f9f2-212v-c7a6
vulnerability_id VCID-f9f2-212v-c7a6
summary Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22570.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22570.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22570
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33582
published_at 2026-06-06T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33466
published_at 2026-06-04T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33568
published_at 2026-06-05T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33547
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22570
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22570
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22570
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-77rm-9x9h-xj3g
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-77rm-9x9h-xj3g
5
reference_url https://github.com/protocolbuffers/protobuf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf
6
reference_url https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP
18
reference_url https://security.netapp.com/advisory/ntap-20220429-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220429-0005
19
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2049429
reference_id 2049429
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2049429
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
reference_id 3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
reference_id 5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/
reference_id BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22570
reference_id CVE-2021-22570
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22570
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
reference_id IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
reference_id KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
reference_id MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
28
reference_url https://security.netapp.com/advisory/ntap-20220429-0005/
reference_id ntap-20220429-0005
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://security.netapp.com/advisory/ntap-20220429-0005/
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/
reference_id NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/
30
reference_url https://access.redhat.com/errata/RHSA-2022:7464
reference_id RHSA-2022:7464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7464
31
reference_url https://access.redhat.com/errata/RHSA-2022:7970
reference_id RHSA-2022:7970
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7970
32
reference_url https://access.redhat.com/errata/RHSA-2022:8847
reference_id RHSA-2022:8847
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8847
33
reference_url https://access.redhat.com/errata/RHSA-2022:8860
reference_id RHSA-2022:8860
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8860
34
reference_url https://access.redhat.com/errata/RHSA-2024:3433
reference_id RHSA-2024:3433
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3433
35
reference_url https://usn.ubuntu.com/5490-1/
reference_id USN-5490-1
reference_type
scores
url https://usn.ubuntu.com/5490-1/
36
reference_url https://usn.ubuntu.com/5945-1/
reference_id USN-5945-1
reference_type
scores
url https://usn.ubuntu.com/5945-1/
fixed_packages
0
url pkg:maven/com.google.protobuf/protobuf-java@3.15.0
purl pkg:maven/com.google.protobuf/protobuf-java@3.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyk5-5eaa-nubh
1
vulnerability VCID-evzn-t2as-qfbn
2
vulnerability VCID-sar2-p37e-b3df
3
vulnerability VCID-w8kg-x567-r7bj
4
vulnerability VCID-z8kw-qr2z-4qe7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.15.0
aliases CVE-2021-22570, GHSA-77rm-9x9h-xj3g, PYSEC-2022-48
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9f2-212v-c7a6
2
url VCID-w8kg-x567-r7bj
vulnerability_id VCID-w8kg-x567-r7bj
summary 
protobuf-java has a potential Denial of Service issue
## Summary
A potential Denial of Service issue in `protobuf-java` core and lite was
discovered in the parsing procedure for binary and text format data.
Input streams containing multiple instances of non-repeated [embedded
messages](http://developers.google.com/protocol-buffers/docs/encoding#embedded)
with repeated or unknown fields causes objects to be converted back-n-forth
between mutable and immutable forms, resulting in potentially long garbage
collection pauses.

Reporter: [OSS Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48771)

Affected versions: This issue affects both the Java full and lite Protobuf
runtimes, as well as Protobuf for Kotlin and JRuby, which themselves use the
Java Protobuf runtime.

## Severity

[CVE-2022-3171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171)
Medium - CVSS Score: 5.7 (NOTE: there may be a delay in publication)

## Remediation and Mitigation

Please update to the latest available versions of the following packages:

* protobuf-java (3.21.7, 3.20.3, 3.19.6, 3.16.3)
* protobuf-javalite (3.21.7, 3.20.3, 3.19.6, 3.16.3)
* protobuf-kotlin (3.21.7, 3.20.3, 3.19.6, 3.16.3)
* protobuf-kotlin-lite (3.21.7, 3.20.3, 3.19.6, 3.16.3)
* google-protobuf [JRuby gem only] (3.21.7, 3.20.3, 3.19.6)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3171.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3171.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3171
reference_id
reference_type
scores
0
value 0.0011
scoring_system epss
scoring_elements 0.29025
published_at 2026-06-06T12:55:00Z
1
value 0.0011
scoring_system epss
scoring_elements 0.29059
published_at 2026-06-05T12:55:00Z
2
value 0.0011
scoring_system epss
scoring_elements 0.28989
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3171
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48771
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48771
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3171
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/protocolbuffers/protobuf
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf
6
reference_url https://github.com/protocolbuffers/protobuf/releases/tag/v21.7
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/releases/tag/v21.7
7
reference_url https://github.com/protocolbuffers/protobuf/releases/tag/v3.16.3
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/releases/tag/v3.16.3
8
reference_url https://github.com/protocolbuffers/protobuf/releases/tag/v3.19.6
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/releases/tag/v3.19.6
9
reference_url https://github.com/protocolbuffers/protobuf/releases/tag/v3.20.3
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/releases/tag/v3.20.3
10
reference_url https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
3
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:41Z/
url https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google-protobuf/CVE-2022-3171.yml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/google-protobuf/CVE-2022-3171.yml
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3171
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3171
17
reference_url https://security.gentoo.org/glsa/202301-09
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:41Z/
url https://security.gentoo.org/glsa/202301-09
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2137645
reference_id 2137645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2137645
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/
reference_id CBAUKJQL6O4TIWYBENORSY5P43TVB4M3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/
20
reference_url https://github.com/advisories/GHSA-h4h5-3hr4-j3g2
reference_id GHSA-h4h5-3hr4-j3g2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h4h5-3hr4-j3g2
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/
reference_id MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:36:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/
22
reference_url https://access.redhat.com/errata/RHSA-2022:7896
reference_id RHSA-2022:7896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7896
23
reference_url https://access.redhat.com/errata/RHSA-2022:9023
reference_id RHSA-2022:9023
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:9023
24
reference_url https://access.redhat.com/errata/RHSA-2023:1006
reference_id RHSA-2023:1006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1006
25
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
fixed_packages
0
url pkg:maven/com.google.protobuf/protobuf-java@3.16.3
purl pkg:maven/com.google.protobuf/protobuf-java@3.16.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-evzn-t2as-qfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.16.3
1
url pkg:maven/com.google.protobuf/protobuf-java@3.19.6
purl pkg:maven/com.google.protobuf/protobuf-java@3.19.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-evzn-t2as-qfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.19.6
2
url pkg:maven/com.google.protobuf/protobuf-java@3.20.3
purl pkg:maven/com.google.protobuf/protobuf-java@3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-evzn-t2as-qfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.20.3
3
url pkg:maven/com.google.protobuf/protobuf-java@3.21.7
purl pkg:maven/com.google.protobuf/protobuf-java@3.21.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-evzn-t2as-qfbn
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.21.7
aliases CVE-2022-3171, GHSA-h4h5-3hr4-j3g2, GMS-2022-4942, GMS-2022-4943, GMS-2022-4944, GMS-2022-4945, GMS-2022-5022
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8kg-x567-r7bj
3
url VCID-z8kw-qr2z-4qe7
vulnerability_id VCID-z8kw-qr2z-4qe7
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22569.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22569.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22569
reference_id
reference_type
scores
0
value 0.00471
scoring_system epss
scoring_elements 0.64999
published_at 2026-06-06T12:55:00Z
1
value 0.00471
scoring_system epss
scoring_elements 0.64947
published_at 2026-06-04T12:55:00Z
2
value 0.00471
scoring_system epss
scoring_elements 0.64989
published_at 2026-06-05T12:55:00Z
3
value 0.00471
scoring_system epss
scoring_elements 0.64987
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22569
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:40:37Z/
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330
3
reference_url https://cloud.google.com/support/bulletins#gcp-2022-001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:40:37Z/
url https://cloud.google.com/support/bulletins#gcp-2022-001
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22569
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/protocolbuffers/protobuf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf
7
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:40:37Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
8
reference_url http://www.openwall.com/lists/oss-security/2022/01/12/4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:40:37Z/
url http://www.openwall.com/lists/oss-security/2022/01/12/4
9
reference_url http://www.openwall.com/lists/oss-security/2022/01/12/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:40:37Z/
url http://www.openwall.com/lists/oss-security/2022/01/12/7
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2039903
reference_id 2039903
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2039903
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22569
reference_id CVE-2021-22569
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22569
12
reference_url https://github.com/advisories/GHSA-wrvw-hg22-4m67
reference_id GHSA-wrvw-hg22-4m67
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wrvw-hg22-4m67
13
reference_url https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
reference_id GHSA-wrvw-hg22-4m67
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
14
reference_url https://access.redhat.com/errata/RHSA-2022:1013
reference_id RHSA-2022:1013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1013
15
reference_url https://access.redhat.com/errata/RHSA-2022:4623
reference_id RHSA-2022:4623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4623
16
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
17
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
18
reference_url https://access.redhat.com/errata/RHSA-2022:6835
reference_id RHSA-2022:6835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6835
19
reference_url https://access.redhat.com/errata/RHSA-2022:7896
reference_id RHSA-2022:7896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7896
20
reference_url https://access.redhat.com/errata/RHSA-2022:8761
reference_id RHSA-2022:8761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8761
21
reference_url https://usn.ubuntu.com/5945-1/
reference_id USN-5945-1
reference_type
scores
url https://usn.ubuntu.com/5945-1/
fixed_packages
0
url pkg:maven/com.google.protobuf/protobuf-java@3.16.1
purl pkg:maven/com.google.protobuf/protobuf-java@3.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyk5-5eaa-nubh
1
vulnerability VCID-evzn-t2as-qfbn
2
vulnerability VCID-sar2-p37e-b3df
3
vulnerability VCID-w8kg-x567-r7bj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.16.1
1
url pkg:maven/com.google.protobuf/protobuf-java@3.18.2
purl pkg:maven/com.google.protobuf/protobuf-java@3.18.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyk5-5eaa-nubh
1
vulnerability VCID-evzn-t2as-qfbn
2
vulnerability VCID-sar2-p37e-b3df
3
vulnerability VCID-w8kg-x567-r7bj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.18.2
2
url pkg:maven/com.google.protobuf/protobuf-java@3.19.2
purl pkg:maven/com.google.protobuf/protobuf-java@3.19.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cyk5-5eaa-nubh
1
vulnerability VCID-evzn-t2as-qfbn
2
vulnerability VCID-sar2-p37e-b3df
3
vulnerability VCID-w8kg-x567-r7bj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@3.19.2
aliases CVE-2021-22569, GHSA-wrvw-hg22-4m67, GMS-2022-1, GMS-2022-5, GMS-2022-6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8kw-qr2z-4qe7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.google.protobuf/protobuf-java@2.5.0