Lucene search
GitHub_MCVELIST:CVE-2024-21634HistoryJan 03, 2024 - 10:46 p.m.
CVE-2024-21634 Ion Java StackOverflow vulnerability
2024-01-0322:46:03
CWE-770
GitHub_M
raw.githubusercontent.com
ion java stackoverflow
cve-2024-21634
denial-of-service
ionvalue model
untrusted source
0.0005 Low
EPSS
Percentile
16.2%
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the IonValue model, results in a StackOverflowError originating from the ion-java library. The patch is included in ion-java 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.
Related
atlassian
atlassian
osv
osv
Ion Java StackOverflow vulnerability
2024-01-03 22:04:08
ibm
ibm
Security Bulletin: There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application (CVE-2024-21634)
2024-04-05 15:16:50
cve
cve
CVE-2024-21634
2024-01-03 23:15:08
prion
prion
Design/Logic Flaw
2024-01-03 23:15:00
github
github
Ion Java StackOverflow vulnerability
2024-01-03 22:04:08
veracode
veracode
Stack Overflow
2024-01-04 07:31:53
nessus
nessus
wolfi
wolfi
CVE-2024-21634 vulnerabilities
2024-06-02 09:07:39
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00