14 lines
1.0 KiB
JSON
14 lines
1.0 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1694",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1694",
|
|
"title": "An update for protobuf is now available for openEuler-22.03-LTS",
|
|
"severity": "Moderate",
|
|
"description": "Protocol Buffers (a.k.a., protobuf) are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf's documentation on the Google Developers site.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.(CVE-2021-22569)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2021-22569",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22569",
|
|
"severity": "Moderate"
|
|
}
|
|
]
|
|
} |