Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]
- Gentoo Linux Security Advisory 202301-09[6]
- Authored by Gentoo[7] | Site security.gentoo.org[8]
-
Gentoo Linux Security Advisory 202301-9 - A vulnerability has been discovered in protobuf-java which could result in denial of service. Versions less than 3.20.3 are affected.
- systems | linux[9], gentoo[10]
- advisories | CVE-2022-3171[11], CVE-2022-3509[12], CVE-2022-3510[13]
- SHA-256 |
cc6d14bcef672773530eeb289efb90812d18552fdbb505d47acafcd798c97a92
- Download[14] | Favorite[15] | View[16]
Change Mirror[17] Download[18]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202301-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: protobuf-java: Denial of Service
Date: January 11, 2023
Bugs: #876903
ID: 202301-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability has been discovered in protobuf-java which could result
in denial of service.
Background
==========
protobuf-java contains the Java bindings for Google's Protocol Buffers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/protobuf-java < 3.20.3 >= 3.20.3
Description
===========
Inputs containing multiple instances of non-repeated embedded messages
with repeated or unknown fields causes objects to be converted back and
forth between mutable and immutable forms, resulting in potentially long
garbage collection pauses.
Impact
======
Crafted input can trigger a denial of service via long garbage
collection pauses.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All protobuf-java users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/protobuf-java-3.20.3"
References
==========
[ 1 ] CVE-2022-3171
https://nvd.nist.gov/vuln/detail/CVE-2022-3171
[ 2 ] CVE-2022-3509
https://nvd.nist.gov/vuln/detail/CVE-2022-3509
[ 3 ] CVE-2022-3510
https://nvd.nist.gov/vuln/detail/CVE-2022-3510
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202301-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed toCette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
File Tags
- ActiveX[23] (932)
- Advisory[24] (79,837)
- Arbitrary[25] (15,730)
- BBS[26] (2,859)
- Bypass[27] (1,625)
- CGI[28] (1,018)
- Code Execution[29] (6,953)
- Conference[30] (674)
- Cracker[31] (840)
- CSRF[32] (3,293)
- DoS[33] (22,640)
- Encryption[34] (2,353)
- Exploit[35] (50,426)
- File Inclusion[36] (4,166)
- File Upload[37] (947)
- Firewall[38] (821)
- Info Disclosure[39] (2,664)
- Intrusion Detection[40] (868)
- Java[41] (2,906)
- JavaScript[42] (823)
- Kernel[43] (6,313)
- Local[44] (14,214)
- Magazine[45] (586)
- Overflow[46] (12,434)
- Perl[47] (1,418)
- PHP[48] (5,097)
- Proof of Concept[49] (2,293)
- Protocol[50] (3,439)
- Python[51] (1,468)
- Remote[52] (30,084)
- Root[53] (3,506)
- Rootkit[54] (501)
- Ruby[55] (595)
- Scanner[56] (1,633)
- Security Tool[57] (7,793)
- Shell[58] (3,108)
- Shellcode[59] (1,206)
- Sniffer[60] (887)
- Spoof[61] (2,172)
- SQL Injection[62] (16,116)
- TCP[63] (2,382)
- Trojan[64] (686)
- UDP[65] (878)
- Virus[66] (662)
- Vulnerability[67] (31,175)
- Web[68] (9,380)
- Whitepaper[69] (3,732)
- x86[70] (946)
- XSS[71] (17,503)
- Other[72]
File Archives
- January 2023[73]
- December 2022[74]
- November 2022[75]
- October 2022[76]
- September 2022[77]
- August 2022[78]
- July 2022[79]
- June 2022[80]
- May 2022[81]
- April 2022[82]
- March 2022[83]
- February 2022[84]
- Older[85]
Systems
- AIX[86] (426)
- Apple[87] (1,935)
- BSD[88] (370)
- CentOS[89] (55)
- Cisco[90] (1,917)
- Debian[91] (6,646)
- Fedora[92] (1,690)
- FreeBSD[93] (1,242)
- Gentoo[94] (4,288)
- HPUX[95] (878)
- iOS[96] (333)
- iPhone[97] (108)
- IRIX[98] (220)
- Juniper[99] (67)
- Linux[100] (44,395)
- Mac OS X[101] (684)
- Mandriva[102] (3,105)
- NetBSD[103] (255)
- OpenBSD[104] (479)
- RedHat[105] (12,487)
- Slackware[106] (941)
- Solaris[107] (1,607)
- SUSE[108] (1,444)
- Ubuntu[109] (8,226)
- UNIX[110] (9,174)
- UnixWare[111] (185)
- Windows[112] (6,511)
- Other[113]
Read more https://packetstormsecurity.com/files/170465/glsa-202301-09.txt