A subtle parsing bug in Google’s Protocol Buffers Java implementation (protobuf‑java and protobuf‑javalite) — tracked as CVE‑2022‑3510 — can be weaponized to produce prolonged garbage collection stalls and a practical denial‑of‑service against Java services that parse crafted messages using...
