Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.
History

Tue, 01 Oct 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat jboss Enterprise Application Platform
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:8.0
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Vendors & Products Redhat
Redhat jboss Enterprise Application Platform

Tue, 13 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-03T22:46:03.585Z

Updated: 2024-08-01T22:27:35.757Z

Reserved: 2023-12-29T03:00:44.955Z

Link: CVE-2024-21634

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-03T23:15:08.943

Modified: 2024-11-21T08:54:46.287

Link: CVE-2024-21634

cve-icon Redhat

Severity : Important

Publid Date: 2024-01-03T00:00:00Z

Links: CVE-2024-21634 - Bugzilla