Alpine Linux Development Team: ALPINE:CVE-2024-7254
History: Sep 19, 2024 - 1:15 a.m.

CVE-2024-7254

2024-09-19 01:15:10
Alpine Linux Development Team
security.alpinelinux.org
Tags: protocol buffers parsing, stackoverflow, discardunknownfieldsparser, java protobuf lite parser, protobuf map fields, unbounded recursions, attacker, unix

CVSS4: 8.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N
AI Score: 7.5
Confidence: Low

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups (a series of SGROUP tags) can be corrupted by exceeding the stack limit, i.e. a StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or the Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursion that an attacker can abuse.
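The nesting described above can be bounded before the bytes reach a recursive parser. The following is an added example, not code from the Alpine advisory or the protobuf project: an iterative checker that walks the protobuf wire format and rejects input whose SGROUP nesting exceeds an assumed limit (MAX_DEPTH, nested_groups and the sample input are constructed for this example).

```python
# Added example (not from the Alpine advisory or the protobuf project): an iterative
# pre-parse check that rejects protobuf wire data whose SGROUP nesting exceeds an
# assumed limit, before the bytes reach a recursive parser.
MAX_DEPTH = 100  # assumed limit for this example
WIRE_VARINT, WIRE_I64, WIRE_LEN, WIRE_SGROUP, WIRE_EGROUP, WIRE_I32 = range(6)  # protobuf wire types

def read_varint(buf, pos):
    """Decode one base-128 varint at pos; return (value, new_pos)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise ValueError("truncated or overlong varint")
        b, pos = buf[pos], pos + 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
        shift += 7

def max_group_depth(buf, limit=MAX_DEPTH):
    """Deepest group nesting in buf; ValueError above limit. Iterative, so it cannot overflow."""
    pos, stack, deepest = 0, [], 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        field, wtype = tag >> 3, tag & 7
        if wtype == WIRE_VARINT:
            _, pos = read_varint(buf, pos)
        elif wtype == WIRE_I64:
            pos += 8
        elif wtype == WIRE_LEN:
            length, pos = read_varint(buf, pos)
            pos += length
        elif wtype == WIRE_SGROUP:  # a recursive parser would recurse here
            stack.append(field)
            deepest = max(deepest, len(stack))
            if deepest > limit:
                raise ValueError(f"group nesting {deepest} exceeds limit {limit}")
        elif wtype == WIRE_EGROUP:
            if not stack or stack.pop() != field:
                raise ValueError("EGROUP without matching SGROUP")
        elif wtype == WIRE_I32:
            pos += 4
        else:
            raise ValueError(f"invalid wire type {wtype}")
        if pos > len(buf):
            raise ValueError("truncated field")
    return deepest

def nested_groups(n, field=1):
    """Constructed sample input: n nested SGROUP/EGROUP pairs on one field number."""
    return bytes([field << 3 | WIRE_SGROUP]) * n + bytes([field << 3 | WIRE_EGROUP]) * n
```

Running the check on the constructed input with 101 nested groups raises before any recursive parser sees it, while a message within the limit is passed through with its measured depth.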
