- Description
- Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or the Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
- Source
- cve-coordination@google.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- cve-coordination@google.com
- CWE-20
- Hype score
- Not currently trending
IBM, the CVE-2024-7254 flaw in Sterling B2B could allow an attacker to obtain administrative privileges on the system. https://t.co/Vm2pHpb6h7 #.Remote Arbitrary Code #.Patch #.Denial of Service #.Privilege Escalation #.Vulnerability
@NicolasCoolman
3 Feb 2025
Top 5 Trending CVEs: 1 - CVE-2024-38178 2 - CVE-2024-9264 3 - CVE-2024-48904 4 - CVE-2019-5790 5 - CVE-2024-7254 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
20 Oct 2024
sbt 1.10.3 and Zinc 1.10.3 are released ft - CVE-2024-7254 fix by updating protobuf-java to 3.25.5 - updates metabuild Scala version to 2.12.20 - revert of the invalidation of circular-dependent sources https://t.co/9TwbrigIrA #Scala
@eed3si9n
20 Oct 2024