CVE-2024-7254
Stack overflow in Protocol Buffers Java Lite
Severity Score
8.7
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.
*Credits:
Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-07-29 CVE Reserved
- 2024-09-19 CVE Published
- 2024-09-19 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-100: Overflow Buffers
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-7254 | 2024-11-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2313454 | 2024-11-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Protocol Buffers Search vendor "Google" for product "Protocol Buffers" | < 28.2 Search vendor "Google" for product "Protocol Buffers" and version " < 28.2" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-java Search vendor "Google" for product "Protobuf-java" | < 3.25.5 Search vendor "Google" for product "Protobuf-java" and version " < 3.25.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-java Search vendor "Google" for product "Protobuf-java" | < 4.27.5 Search vendor "Google" for product "Protobuf-java" and version " < 4.27.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-java Search vendor "Google" for product "Protobuf-java" | < 4.28.2 Search vendor "Google" for product "Protobuf-java" and version " < 4.28.2" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-javalite Search vendor "Google" for product "Protobuf-javalite" | < 3.25.5 Search vendor "Google" for product "Protobuf-javalite" and version " < 3.25.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-javalite Search vendor "Google" for product "Protobuf-javalite" | < 4.27.5 Search vendor "Google" for product "Protobuf-javalite" and version " < 4.27.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-javalite Search vendor "Google" for product "Protobuf-javalite" | < 4.28.2 Search vendor "Google" for product "Protobuf-javalite" and version " < 4.28.2" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-kotlin Search vendor "Google" for product "Protobuf-kotlin" | < 3.25.5 Search vendor "Google" for product "Protobuf-kotlin" and version " < 3.25.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-kotlin Search vendor "Google" for product "Protobuf-kotlin" | < 4.27.5 Search vendor "Google" for product "Protobuf-kotlin" and version " < 4.27.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-kotlin Search vendor "Google" for product "Protobuf-kotlin" | < 4.28.2 Search vendor "Google" for product "Protobuf-kotlin" and version " < 4.28.2" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-kotllin-lite Search vendor "Google" for product "Protobuf-kotllin-lite" | < 3.25.5 Search vendor "Google" for product "Protobuf-kotllin-lite" and version " < 3.25.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-kotllin-lite Search vendor "Google" for product "Protobuf-kotllin-lite" | < 4.27.5 Search vendor "Google" for product "Protobuf-kotllin-lite" and version " < 4.27.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Protobuf-kotllin-lite Search vendor "Google" for product "Protobuf-kotllin-lite" | < 4.28.2 Search vendor "Google" for product "Protobuf-kotllin-lite" and version " < 4.28.2" | en |
Affected
| ||||||
| Google Search vendor "Google" | Google-protobuf [JRu Search vendor "Google" for product "Google-protobuf [JRu" | < 3.25.5 Search vendor "Google" for product "Google-protobuf [JRu" and version " < 3.25.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Google-protobuf [JRu Search vendor "Google" for product "Google-protobuf [JRu" | < 4.27.5 Search vendor "Google" for product "Google-protobuf [JRu" and version " < 4.27.5" | en |
Affected
| ||||||
| Google Search vendor "Google" | Google-protobuf [JRu Search vendor "Google" for product "Google-protobuf [JRu" | < 4.28.2 Search vendor "Google" for product "Google-protobuf [JRu" and version " < 4.28.2" | en |
Affected
| ||||||