protobuf-java: Denial of Service

A vulnerability has been discovered in protobuf-java which could result in denial of service.

protobuf-java 2023-01-11 2023-01-11 876903 remote 3.20.3 3.20.3

protobuf-java contains the Java bindings for Google's Protocol Buffers.

Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields cause objects to be converted back and forth between mutable and immutable forms, resulting in potentially long garbage collection pauses.

Crafted input can trigger a denial of service via long garbage collection pauses.

There is no known workaround at this time.

All protobuf-java users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/protobuf-java-3.20.3"
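
To confirm the upgrade took effect, the following added example (not part of the original advisory) classifies installed dev-java/protobuf-java entries against the fixed version 3.20.3. The function names and sample lines are constructed, and the input is assumed to be one category/package-version entry per line, as qlist -Iv from portage-utils prints.

```shell
#!/bin/sh
# Added example: FIXED is the version from the advisory's upgrade atom;
# function names and the sample lines are constructed for illustration.
FIXED="3.20.3"

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}   # a missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not lower
}

# classify CPV: print vulnerable, fixed, or skip for one package entry.
classify() {
    case $1 in
        dev-java/protobuf-java-[0-9]*) v=${1#dev-java/protobuf-java-} ;;
        *) echo skip; return ;;
    esac
    # Revisions (-r1, -r2, ...) are ignored: the boundary is the base version.
    v=$(printf '%s' "$v" | sed 's/-r[0-9][0-9]*$//')
    # Compare plain dotted numbers only; suffixes like _rc1 need a human.
    case $v in
        *[!0-9.]*|*..*|*.) echo skip; return ;;
    esac
    if ver_lt "$v" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# report: read entries on stdin, print "status<TAB>entry" per line.
report() {
    while IFS= read -r line; do
        printf '%s\t%s\n' "$(classify "$line")" "$line"
    done
}

# Constructed sample; on a real system pipe qlist -Iv output into report.
sample='dev-java/protobuf-java-3.19.3
dev-java/protobuf-java-3.20.3
dev-java/protobuf-java-3.20.3-r1
app-misc/example-1.0'
printf '%s\n' "$sample" | report
```

The comparison is numeric per component, so 3.5.0 is correctly treated as lower than 3.20.3, which a plain string comparison would get wrong.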

CVE-2022-3171, CVE-2022-3509, CVE-2022-3510

ajak ajak