PT-2022-5139 · Atlassian · Jira Work Management
Published 2022-10-04 · Updated 2026-05-18
CVE-2022-3171
CVSS v2.0 score: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
protobuf-java versions prior to 3.21.7
protobuf-java versions prior to 3.20.3
protobuf-java versions prior to 3.19.6
protobuf-java versions prior to 3.16.3
Jira Service Management (affected versions not specified)
Jira Work Management (affected versions not specified)
Description
The vulnerability is a parsing issue with binary (wire-format) input in the Java Protocol Buffers library, protobuf-java, that can lead to denial of service. Inputs containing multiple instances of a non-repeated (singular) embedded message whose copies carry repeated or unknown fields cause the parser to convert objects back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. As the CVSS vector records (AV:N, Au:N), the input only has to reach a network-exposed service that parses it; no authentication is needed, and the impact is availability only.
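To make the input shape in the description concrete, here is an added example (not code from this page, from Google's protobuf project, or from Atlassian) in Python that hand-encodes the protobuf wire format with no library dependency. It builds a payload in which a singular embedded-message field of a hypothetical schema (`Outer.inner = 1`, `Inner.known = 1`; field 999 undeclared) appears many times with unknown fields inside each copy, and it scans an arbitrary wire-format buffer for that pattern. The schema, field numbers and function names are assumptions for illustration; the scanner is a structural check you can run in front of a parser or use to build regression input, not a fix for the library itself (the fix is to update, as in Recommendations).

```python
from __future__ import annotations

from typing import Dict, Iterator, Set, Tuple

# Wire types from the protobuf encoding specification.
WT_VARINT, WT_FIXED64, WT_LEN, WT_FIXED32 = 0, 1, 2, 5


def encode_varint(value: int) -> bytes:
    """Base-128 varint, least-significant 7-bit group first, as protobuf encodes it."""
    if value < 0:
        raise ValueError("only non-negative values are encoded here")
    out = bytearray()
    while True:
        group = value & 0x7F
        value >>= 7
        if value:
            out.append(group | 0x80)  # continuation bit: more groups follow
        else:
            out.append(group)
            return bytes(out)


def decode_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode one varint at buf[pos]; return (value, new_pos). Rejects truncated/overlong input."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7
        if shift >= 64:
            raise ValueError("varint longer than 10 bytes")


def field_key(field_number: int, wire_type: int) -> bytes:
    return encode_varint((field_number << 3) | wire_type)


def varint_field(field_number: int, value: int) -> bytes:
    return field_key(field_number, WT_VARINT) + encode_varint(value)


def length_delimited_field(field_number: int, payload: bytes) -> bytes:
    return field_key(field_number, WT_LEN) + encode_varint(len(payload)) + payload


def build_trigger_payload(instances: int = 1000, unknowns_per_instance: int = 4) -> bytes:
    """Constructed input of the shape the advisory describes, against a hypothetical schema:
        message Outer { Inner inner = 1; }   message Inner { int32 known = 1; }
    Outer.inner is singular, yet it is emitted `instances` times; each copy also carries
    field 999, which Inner does not declare, so a parser files it as an unknown field."""
    inner = varint_field(1, 7)
    inner += b"".join(varint_field(999, i) for i in range(unknowns_per_instance))
    return length_delimited_field(1, inner) * instances


def scan_fields(buf: bytes) -> Iterator[Tuple[int, int, object]]:
    """Yield (field_number, wire_type, value) for every field in one message body."""
    pos = 0
    while pos < len(buf):
        key, pos = decode_varint(buf, pos)
        field_number, wire_type = key >> 3, key & 0x7
        if field_number == 0:
            raise ValueError("field number 0 is invalid")
        if wire_type == WT_VARINT:
            value, pos = decode_varint(buf, pos)
        elif wire_type == WT_LEN:
            length, pos = decode_varint(buf, pos)
            if pos + length > len(buf):
                raise ValueError("length-delimited field runs past end of buffer")
            value, pos = buf[pos:pos + length], pos + length
        elif wire_type in (WT_FIXED64, WT_FIXED32):
            width = 8 if wire_type == WT_FIXED64 else 4
            if pos + width > len(buf):
                raise ValueError("fixed-width field truncated")
            value, pos = buf[pos:pos + width], pos + width
        else:
            raise ValueError(f"unsupported wire type {wire_type}")
        yield field_number, wire_type, value


def inspect_embedded(buf: bytes, singular_message_fields: Dict[int, Set[int]]) -> Dict[int, Dict[str, int]]:
    """For each singular embedded-message field (mapped to the field numbers its sub-message
    declares), count its top-level occurrences and the unknown fields inside those copies."""
    stats = {f: {"occurrences": 0, "unknown_inner_fields": 0} for f in singular_message_fields}
    for field_number, wire_type, value in scan_fields(buf):
        if field_number not in singular_message_fields or wire_type != WT_LEN:
            continue
        known = singular_message_fields[field_number]
        stats[field_number]["occurrences"] += 1
        for inner_number, _, _ in scan_fields(value):
            if inner_number not in known:
                stats[field_number]["unknown_inner_fields"] += 1
    return stats


def is_suspicious(buf: bytes, singular_message_fields: Dict[int, Set[int]], max_occurrences: int = 1) -> bool:
    """True when a singular embedded field is repeated more than max_occurrences times
    and those copies carry unknown fields: the combination the advisory describes.
    Counting structure rather than bytes is deliberate; a plain size cap says nothing
    about how many times a singular field recurs."""
    return any(s["occurrences"] > max_occurrences and s["unknown_inner_fields"] > 0
               for s in inspect_embedded(buf, singular_message_fields).values())


if __name__ == "__main__":
    payload = build_trigger_payload()
    print(len(payload), "bytes;", inspect_embedded(payload, {1: {1}}))
```

`singular_message_fields` is the only schema knowledge the scanner needs: the field numbers of singular embedded messages at the top level and, for each, the field numbers its sub-message declares. Anything else inside a copy counts as unknown. The scanner walks only one level down, which is where the advisory places the pattern; nested sub-messages would need the same walk applied recursively.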
Recommendations
For protobuf-java versions prior to 3.21.7, update to version 3.21.7 or later.
For protobuf-java versions prior to 3.20.3, update to version 3.20.3 or later.
For protobuf-java versions prior to 3.19.6, update to version 3.19.6 or later.
For protobuf-java versions prior to 3.16.3, update to version 3.16.3 or later.
For Jira Service Management, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Jira Work Management, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
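A dependency check for the fixed release lines listed above, as an added Python example (not from this page or from the protobuf project). It maps a protobuf-java version string to the fix the advisory gives for its release line. The handling of lines the advisory does not name explicitly is my reading of its version list, not a statement from the advisory: 3.17.x and 3.18.x are routed to 3.19.6, versions before 3.16 to 3.16.3, and 3.22 or later and other majors are treated as outside the affected range.

```python
from __future__ import annotations

from typing import Optional, Tuple

# Fixed releases named in the advisory, keyed by release line (major, minor).
FIXED_BY_LINE = {
    (3, 21): (3, 21, 7),
    (3, 20): (3, 20, 3),
    (3, 19): (3, 19, 6),
    (3, 16): (3, 16, 3),
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch'; a missing patch is 0, a qualifier after '-' is dropped."""
    core = version.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def fixed_version_for(version: str) -> Optional[Tuple[int, int, int]]:
    """Return the advisory's fixed release for this version's line, or None when the
    version is already at or past that fix or outside the listed lines.
    Assumption (mine): a line without its own fix moves to the nearest higher fixed line."""
    major, minor, patch = parse_version(version)
    if major != 3:
        return None  # assumption: the advisory lists only 3.x lines
    candidates = sorted(line for line in FIXED_BY_LINE if line[1] >= minor)
    if not candidates:
        return None  # 3.22 and later are past every listed fixed line
    fixed = FIXED_BY_LINE[candidates[0]]
    return fixed if (major, minor, patch) < fixed else None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def recommendation(version: str) -> str:
    fixed = fixed_version_for(version)
    if fixed is None:
        return f"protobuf-java {version}: not in the affected range listed by this advisory"
    target = ".".join(map(str, fixed))
    return f"protobuf-java {version}: affected by CVE-2022-3171, update to {target} or later"


if __name__ == "__main__":
    for v in ("3.21.6", "3.21.7", "3.20.2", "3.17.0", "3.15.8", "3.22.0"):
        print(recommendation(v))
```

Feed it the version your build tool resolves (for Maven, the `protobuf-java` line of `mvn dependency:tree`; for Gradle, `gradle dependencies`), not the version declared in the build file, since transitive dependencies and version management can pull in a different one.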
Exploit
DoS. The CVSS vector above records no confidentiality or integrity impact (C:N/I:N), and the description supports denial of service only; nothing on this page supports remote code execution.
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Jira
Jira Service Management Server
Jira Work Management
Red Os
Suse
Protobuf-Java