CVE-2024-2410

EUVD-2024-27362
The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed. 
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
GoogleCNA
7.6 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
googleprotobuf
4.25.0 <
𝑥
< 4.25.0
googleprotobuf
4.22.0 ≤
𝑥
< 4.25.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
protobuf
bookworm
3.21.12-3
fixed
bullseye
3.12.4-1+deb11u1
fixed
forky
3.21.12-14
fixed
sid
3.21.12-14
fixed
trixie
3.21.12-11
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
protobuf
bionic
not-affected
focal
not-affected
jammy
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://github.com/protocolbuffers/protobuf/releases/tag/v25.0
https://github.com/protocolbuffers/protobuf/releases/tag/v25.0