Security Bulletin: IBM® Db2® federated server is vulnerable to unbounded recursions due to a vulnerability in protobuf-java (CVE-2024-7254).

Summary Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite...