mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 11:11:27 +00:00
32 lines
1.3 KiB
JSON
32 lines
1.3 KiB
JSON
{
|
|
"id": "CVE-2024-4420",
|
|
"sourceIdentifier": "cve-coordination@google.com",
|
|
"published": "2024-05-21T12:15:08.627",
|
|
"lastModified": "2024-05-21T12:37:59.687",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.\u00a0 * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object.\n\n\n * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow.\n\n\nWe recommend upgrading to version 2.1.3 or above"
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"weaknesses": [
|
|
{
|
|
"source": "cve-coordination@google.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-116"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/tink-crypto/tink-cc/issues/4",
|
|
"source": "cve-coordination@google.com"
|
|
}
|
|
]
|
|
} |