A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses.
This issue has been addressed in the following products: RHINT Debezium 1.9.7 Via RHSA-2022:7896 https://access.redhat.com/errata/RHSA-2022:7896
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3171
This issue has been addressed in the following products: Red Hat build of Quarkus 2.13.5 Via RHSA-2022:9023 https://access.redhat.com/errata/RHSA-2022:9023
This issue has been addressed in the following products: Red Hat build of Quarkus 2.7.7 Via RHSA-2023:1006 https://access.redhat.com/errata/RHSA-2023:1006
This issue has been addressed in the following products: RHPAM 7.13.4 async Via RHSA-2023:4983 https://access.redhat.com/errata/RHSA-2023:4983