Vulnerability identifier: #VU69293
Vulnerability risk: Medium
Exploitation vector: Local network
Exploit availability: No
Other software / Other software solutions
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input containing multiple instances of non-repeated embedded messages with repeated or unknown fields. A remote attacker can cause objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses.
Install updates from vendor's website.
Vulnerable software versions
protobuf: 3.16.0 - 3.21.6
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?