Source: cvelist (Google) CVELIST:CVE-2024-7254
History: Sep 19, 2024 - 12:18 a.m.

CVE-2024-7254 Stack overflow in Protocol Buffers Java Lite

2024-09-19 00:18:45
CWE: CWE-20
Vendor: Google
Reference: www.cve.org
Tags: cve-2024-7254, stack overflow, protocol buffers, java lite, untrusted data, nested groups, discardunknownfieldsparser, map fields, recursions, attacker

CVSS4: 8.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N
EPSS: 0
Percentile: 9.6%

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups (a series of SGROUP tags) can be corrupted by exceeding the stack limit, i.e. a StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or the Java Protobuf Lite parser, or into Protobuf map fields, creates unbounded recursion that an attacker can abuse.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Protocol Buffers",
    "repo": "https://github.com/protocolbuffers/protobuf",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "28.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java",
    "defaultStatus": "unaffected",
    "product": "protobuf-java",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "3.25.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.27.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.28.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "protobuf-javalite",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "3.25.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.27.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.28.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "protobuf-kotlin",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "3.25.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.27.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.28.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "protobuf-kotllin-lite",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "3.25.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.27.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.28.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://rubygems.org/gems/google-protobuf",
    "defaultStatus": "unaffected",
    "product": "google-protobuf [JRuby Gem]",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "3.25.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.27.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.28.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
