ID:7348 - Exploit for Resource management error in protobuf - CVE-2021-22569

 
Published: February 13, 2022


Vulnerability identifier: #VU60181
Vulnerability risk: Medium
CVE-ID: CVE-2021-22569
CWE-ID: CWE-399
Exploitation vector: Remote access
Vulnerable software: protobuf

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. protobuf-java allows the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. A remote attacker can trick the victim into passing specially crafted data to the application and perform a denial of service attack.


Remediation

Install updates from the vendor's website.