Ubuntu: USN-5945-1 (CVE-2021-22569): Protocol Buffers vulnerabilities
4
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
01/10/2022
03/29/2023
03/22/2023
05/01/2023
Description
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
Solution(s)
- ubuntu-upgrade-libprotobuf-java
- ubuntu-upgrade-libprotobuf-lite10
- ubuntu-upgrade-libprotobuf-lite17
- ubuntu-upgrade-libprotobuf-lite23
- ubuntu-upgrade-libprotobuf-lite8
- ubuntu-upgrade-libprotobuf10
- ubuntu-upgrade-libprotobuf23
- ubuntu-upgrade-libprotobuf8
- ubuntu-upgrade-libprotoc-dev
- ubuntu-upgrade-libprotoc10
- ubuntu-upgrade-libprotoc17
- ubuntu-upgrade-libprotoc23
- ubuntu-upgrade-libprotoc8
- ubuntu-upgrade-protobuf-compiler
- ubuntu-upgrade-python-protobuf
- ubuntu-upgrade-python3-protobuf
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center