CVE-2024-2410

2024-05-0313:15:21

Debian Security Bug Tracker

security-tracker.debian.org

cve-2024-2410

json parsing

stream

memory corruption

protocol buffers

c++

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

AI Score

7.1

Confidence

Low

EPSS

Percentile

9.0%

JSON

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.

OSVersionArchitecturePackageVersionFilename
Debian12allprotobuf< 3.21.12-3protobuf_3.21.12-3_all.deb
Debian11allprotobuf< 3.12.4-1+deb11u1protobuf_3.12.4-1+deb11u1_all.deb
Debian999allprotobuf< 3.21.12-9protobuf_3.21.12-9_all.deb
Debian13allprotobuf< 3.21.12-8.2protobuf_3.21.12-8.2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	protobuf	< 3.21.12-3	protobuf_3.21.12-3_all.deb
Debian	11	all	protobuf	< 3.12.4-1+deb11u1	protobuf_3.12.4-1+deb11u1_all.deb
Debian	999	all	protobuf	< 3.21.12-9	protobuf_3.21.12-9_all.deb
Debian	13	all	protobuf	< 3.21.12-8.2	protobuf_3.21.12-8.2_all.deb