Lucene search
GoogleOSV:CVE-2024-7254HistorySep 19, 2024 - 1:15 a.m.
CVE-2024-7254
2024-09-1901:15:10
Google
osv.dev
CVSS4
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N
AI Score
6.9
Confidence
High
Any project that parses untrusted Protocol Buffers dataย containing an arbitrary number of nested groups / series of SGROUPย tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
Related
osv
osv
protobuf-java has potential Denial of Service issue
2024-09-19 16:06:03
cvelist
cvelist
CVE-2024-7254 Stack overflow in Protocol Buffers Java Lite
2024-09-19 00:18:45
debiancve
debiancve
CVE-2024-7254
2024-09-19 01:15:10
github
github
protobuf-java has potential Denial of Service issue
2024-09-19 16:06:03
nvd
nvd
CVE-2024-7254
2024-09-19 01:15:10
alpinelinux
alpinelinux
CVE-2024-7254
2024-09-19 01:15:10
vulnrichment
vulnrichment
CVE-2024-7254 Stack overflow in Protocol Buffers Java Lite
2024-09-19 00:18:45
cve
cve
CVE-2024-7254
2024-09-19 01:15:10
CVSS4
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N
AI Score
6.9
Confidence
High
Related for OSV:CVE-2024-7254