CVE-2024-7254 (google-protobuf): protobuf-java has potential Denial of Service issue

20 September 2024

ADVISORIES CVE-2024-7254 (NVD) GHSA-735f-pc8j-v9w8 Vendor Advisory GEM google-protobuf PATCHED VERSIONS ~> 3.25.5 ~> 4.27.5 >= 4.28.2 DESCRIPTION Summary When parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash. Reporter:

Source: RUBYLAND

Date:

20 September 2024

Categorie(s):

NEWS

Tag(s):

Cyber Threats, Denial of Service, Programming, Programming Languages, Ruby

AI has potential to automate threat detection, transform cybersecurity20 September 2024
Mandiant combats new threats posed by remote access tools20 September 2024
Healthcare becomes prime target for cyberattacks as security industry defends against AI-generated cybersecurity threats20 September 2024
What’s behind the return-to-office demands?20 September 2024
CVE-2024-7254 (google-protobuf): protobuf-java has potential Denial of Service issue20 September 2024