apk package
chainguard/hadoop-client-modules
pkg:apk/chainguard/hadoop-client-modules
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3171 | — | < 3.3.6-r8 | 3.3.6-r8 | Oct 12, 2022 | A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be | ||
| CVE-2021-22570 | — | < 3.3.6-r7 | 3.3.6-r7 | Jan 26, 2022 | Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend | ||
| CVE-2021-22569 | — | < 3.3.6-r8 | 3.3.6-r8 | Jan 7, 2022 | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre | ||
| CVE-2021-31684 | — | < 3.3.6-r7 | 3.3.6-r7 | Jun 1, 2021 | A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. | ||
| CVE-2020-8908 | — | < 3.3.6-r8 | 3.3.6-r8 | Dec 10, 2020 | A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the |
- CVE-2022-3171Oct 12, 2022affected < 3.3.6-r8fixed 3.3.6-r8
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be
- CVE-2021-22570Jan 26, 2022affected < 3.3.6-r7fixed 3.3.6-r7
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend
- CVE-2021-22569Jan 7, 2022affected < 3.3.6-r8fixed 3.3.6-r8
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause fre
- CVE-2021-31684Jun 1, 2021affected < 3.3.6-r7fixed 3.3.6-r7
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
- CVE-2020-8908Dec 10, 2020affected < 3.3.6-r8fixed 3.3.6-r8
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the
Page 2 of 2