SUSE: CVE-2022-3171: SUSE Linux Security Advisory
Description
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
Solution(s)
- suse-upgrade-azure-cli-core
- suse-upgrade-grpc-devel
- suse-upgrade-grpc-source
- suse-upgrade-libgrpc-1
- suse-upgrade-libgrpc8
- suse-upgrade-libprotobuf-lite20
- suse-upgrade-libprotobuf-lite20-32bit
- suse-upgrade-libprotobuf20
- suse-upgrade-libprotobuf20-32bit
- suse-upgrade-libprotoc20
- suse-upgrade-libprotoc20-32bit
- suse-upgrade-protobuf-devel
- suse-upgrade-protobuf-java
- suse-upgrade-protobuf-source
- suse-upgrade-python2-cryptography
- suse-upgrade-python2-cryptography-vectors
- suse-upgrade-python2-googleapis-common-protos
- suse-upgrade-python2-grpcio
- suse-upgrade-python2-grpcio-gcp
- suse-upgrade-python2-jsondiff
- suse-upgrade-python2-protobuf
- suse-upgrade-python2-psutil
- suse-upgrade-python2-requests
- suse-upgrade-python3-aiocontextvars
- suse-upgrade-python3-automat
- suse-upgrade-python3-avro
- suse-upgrade-python3-constantly
- suse-upgrade-python3-cryptography
- suse-upgrade-python3-cryptography-vectors
- suse-upgrade-python3-deprecated
- suse-upgrade-python3-google-api-core
- suse-upgrade-python3-googleapis-common-protos
- suse-upgrade-python3-grpcio
- suse-upgrade-python3-grpcio-gcp
- suse-upgrade-python3-humanfriendly
- suse-upgrade-python3-hyperlink
- suse-upgrade-python3-incremental
- suse-upgrade-python3-jsondiff
- suse-upgrade-python3-knack
- suse-upgrade-python3-opencensus
- suse-upgrade-python3-opencensus-context
- suse-upgrade-python3-opencensus-ext-threading
- suse-upgrade-python3-opentelemetry-api
- suse-upgrade-python3-protobuf
- suse-upgrade-python3-psutil
- suse-upgrade-python3-pygithub
- suse-upgrade-python3-pytest
- suse-upgrade-python3-pytest-asyncio
- suse-upgrade-python3-requests
- suse-upgrade-python3-twisted
- suse-upgrade-python3-websocket-client
- suse-upgrade-python3-websockets
- suse-upgrade-python3-zope-interface
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center