Описание
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.
Отчет
This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as DiscardUnknownFieldsParser or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack's capacity, causing the application to crash or become unresponsive.
The protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | com.google.protobuf/protobuf-java | Under investigation | ||
| Cryostat 3 | com.google.protobuf/protobuf-java | Under investigation | ||
| Logging Subsystem for Red Hat OpenShift | com.google.protobuf/protobuf-java | Under investigation | ||
| Red Hat AMQ Broker 7 | com.google.protobuf/protobuf-java | Under investigation | ||
| Red Hat build of Apicurio Registry 2 | com.google.protobuf/protobuf-java | Under investigation | ||
| Red Hat build of Debezium 2 | com.google.protobuf/protobuf-java | Under investigation | ||
| Red Hat build of OptaPlanner 8 | com.google.protobuf/protobuf-java | Under investigation | ||
| Red Hat Data Grid 8 | com.google.protobuf/protobuf-java | Under investigation | ||
| Red Hat Enterprise Linux 10 | mysql8.4 | Not affected | ||
| Red Hat Enterprise Linux 10 | protobuf | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
Any project that parses untrusted Protocol Buffers datacontaining an a ...
EPSS
7.5 High
CVSS3