CVE-2024-2410

Use after free in C++ protobuf

Published: 5/3/2024
Last updated: 8/1/2024
Reserved: 3/12/2024

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed. 

CNA assigner: Google (14ed7db2-1595-443d-9d34-6215bf890778)
Requested by: n/a

Metrics

Version  Score  Severity  Vector String
3.1      7.6    High      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Opam packages affected (5)

conf-protoc conf-protoc-dev kinetic-client protocell riak-pb

Products affected (1)

Product   Vendor           Version
protobuf  protocolbuffers  < v4.2.9

References (2)