Overview
- Description
- Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or the Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursion that can be abused by an attacker.
- Source
- cve-coordination@google.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
Weaknesses
- cve-coordination@google.com
- CWE-20
Social media
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-38178 2 - CVE-2024-9264 3 - CVE-2024-48904 4 - CVE-2019-5790 5 - CVE-2024-7254 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
20 Oct 2024
sbt 1.10.3 and Zinc 1.10.3 are released ft - CVE-2024-7254 fix by updating protobuf-java to 3.25.5 - updates metabuild Scala version to 2.12.20 - revert of the invalidation of circular-dependent sources https://t.co/9TwbrigIrA #Scala
@eed3si9n
20 Oct 2024