CVE-2024-2410

HIGH

Google Protobuf 4.22.0-4.24.4 - Use-After-Free in JsonToBinaryStream Parser

Title source: llm

Description

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.

References (1)

Core 1

Core References

Release Notes

https://github.com/protocolbuffers/protobuf/releases/tag/v25.0

Scores

CVSS v3 7.6

EPSS 0.0005

EPSS Percentile 15.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (1)

google/protobuf 4.22.0 - 4.25.0

Published May 03, 2024

Tracked Since Feb 18, 2026