CVE-2024-7254 Stack overflow in Protocol Buffers Java Lite

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

CVE-2024-7254

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

CVE-2024-7254 Stack overflow in Protocol Buffers Java Lite

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

CVE-2024-7254

CVE-2024-7254 describes a stack overflow DoS in parsers when handling untrusted Protocol Buffers data with deeply nested SGROUP/group structures. The root cause is unbounded recursion when parsing unknown fields (DiscardUnknownFieldsParser) or Java Protobuf Lite against nested groups or map field...

BIT-GOLANG-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVE-2024-34156

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Mitigation Mitigation for this issue is either not available o...

AZL-79078 CVE-2024-34158 affecting package golang 1.25.7-1

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

AZL-48929 CVE-2024-34158 affecting package golang for versions less than 1.18.8-6

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

AZL-78970 CVE-2024-34156 affecting package golang 1.25.7-1

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

DEBIAN-CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

DEBIAN-CVE-2024-34155

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...

AZL-78988 CVE-2024-34155 affecting package golang 1.25.7-1

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...

AZL-48896 CVE-2024-34155 affecting package golang for versions less than 1.18.8-8

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...

UBUNTU-CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

UBUNTU-CVE-2024-34155

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...

UBUNTU-CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVE-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVE-2024-34156

CVE-2024-34156 affects Go’s Decoder.Decode when processing messages with deeply nested structures, leading to a panic from stack exhaustion. The issue is tied to the Go standard library (golang) and has been discussed in Go-related advisories and public postings (e.g., the follow-up to CVE-2022-3...

CVE-2024-34155

Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion...