cve 2022 3510
About this tag
CVE-2022-3510 is a vulnerability in Google's Protocol Buffers Java implementation (protobuf-java and protobuf-javalite) that causes a denial-of-service condition through excessive garbage collection. The bug involves a parsing flaw in message-type extension handling, where crafted inputs trigger repeated conversions between mutable and immutable message representations. This leads to heavy memory allocation and prolonged GC pauses, potentially rendering Java services unresponsive. The vulnerability is not a remote code execution risk but has a significant availability impact. WindowsForum discussions cover the technical details, affected components, and mitigation strategies for this DoS vector in Java applications using Protocol Buffers.
A subtle parsing bug in Google’s Protocol Buffers Java implementation (protobuf‑java and protobuf‑javalite) — tracked as CVE‑2022‑3510 — can be weaponized to produce prolonged garbage collection stalls and a practical denial‑of‑service against Java services that parse crafted messages using...