2 matches found
CVE-2026-45799
The CVE-2026-45799 issue affects com.squareup.wire:wire-runtime (and related artifacts) where ByteArrayProtoReader32.skipGroup() and ProtoReader.skipGroup() fail to reject negative LENGTH_DELIMITED lengths before skip(). A crafted protobuf varint of -128 can drive the internal position negative, ...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...