"-Synchronized-Data."

CVE Team 2024-09-19 01:00:34 +00:00
parent 2e4e0c9a30
commit 4626867b9f
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7


@ -1,18 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Any project that parses untrusted Protocol Buffers data\u00a0containing an arbitrary number of nested groups / series of SGROUP\u00a0tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Google",
"product": {
"product_data": [
{
"product_name": "Protocol Buffers",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "28.2"
}
]
}
},
{
"product_name": "protobuf-java",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.25.5"
}
]
}
},
{
"product_name": "protobuf-javalite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.25.5"
}
]
}
},
{
"product_name": "protobuf-kotlin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.25.5"
}
]
}
},
{
"product_name": "protobuf-kotllin-lite",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.25.5"
}
]
}
},
{
"product_name": "google-protobuf [JRuby Gem]",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "3.25.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"refsource": "MISC",
"name": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>"
}
]
}
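Review bot: The fifth `product_data` entry is spelled `protobuf-kotllin-lite` (doubled "l"), so tooling that matches `product_name` against the published artifact name will not tie this record to that package; the line should read `"product_name": "protobuf-kotlin-lite",`. The `problemtype` entry lists only CWE-20, although the description states the flaw is unbounded recursion exhausting the stack; CWE-674 (Uncontrolled Recursion) would classify it more precisely for triage. The `credits` entry uses `"lang": "en"` while the description and problemtype entries use `"eng"`, which should be made consistent. Because this file is synchronized from the CNA's record, these corrections presumably belong in the source record rather than in this repository.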