CVE-2024-2410

{"id": "CVE-2024-2410", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2024-05-03T13:15:21.700", "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0", "source": "cve-coordination@google.com"}, {"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0\n"}, {"lang": "es", "value": "La funci\u00f3n JsonToBinaryStream() es parte de la implementaci\u00f3n de los b\u00faferes de protocolo C++ y se utiliza para analizar JSON de una secuencia. Si la entrada se divide en fragmentos separados de cierta manera, el analizador intentar\u00e1 leer bytes de un fragmento que ya ha sido liberado."}], "lastModified": "2024-11-21T09:09:41.717", "sourceIdentifier": "cve-coordination@google.com"}