VYPR

apk package

chainguard/hadoop-client-modules

pkg:apk/chainguard/hadoop-client-modules

Vulnerabilities (25)

  • CVE-2022-3171Oct 12, 2022
    affected < 3.3.6-r8fixed 3.3.6-r8

    A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be

  • CVE-2021-22570Jan 26, 2022
    affected < 3.3.6-r7fixed 3.3.6-r7

    Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend

  • CVE-2021-22569Jan 7, 2022
    affected < 3.3.6-r8fixed 3.3.6-r8

    An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre

  • CVE-2021-31684Jun 1, 2021
    affected < 3.3.6-r7fixed 3.3.6-r7

    A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

  • CVE-2020-8908Dec 10, 2020
    affected < 3.3.6-r8fixed 3.3.6-r8

    A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the

Page 2 of 2