CVE-2024-2410 - Vulnerability Details - OpenCVE

ReportizFlow

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Protobuf

Configuration 1 [-]

cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/advisories/GHSA-h86c-v8g6-46f2
https://github.com/protocolbuffers/protobuf/releases/tag/v25.0
https://nvd.nist.gov/vuln/detail/CVE-2024-2410
https://www.cve.org/CVERecord?id=CVE-2024-2410

History

Tue, 22 Jul 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google protobuf
CPEs		cpe:2.3:a:google:protobuf::::::::
Vendors & Products		Google Google protobuf

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2024-05-03T12:58:39.449Z

Updated: 2024-08-01T19:11:53.511Z

Reserved: 2024-03-12T23:26:10.660Z

Link: CVE-2024-2410

Vulnrichment

Updated: 2024-08-01T19:11:53.511Z

NVD

Status : Analyzed

Published: 2024-05-03T13:15:21.700

Modified: 2025-07-22T21:05:38.530

Link: CVE-2024-2410

Redhat

Severity : Moderate

Publid Date: 2024-05-03T00:00:00Z

Links: CVE-2024-2410 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2410", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2024-03-12T23:26:10.660Z", "datePublished": "2024-05-03T12:58:39.449Z", "dateUpdated": "2024-08-01T19:11:53.511Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "protobuf", "repo": "https://github.com/protocolbuffers/protobuf", "vendor": "protocolbuffers", "versions": [{"lessThan": "4.25.0", "status": "affected", "version": "4.22.0", "versionType": "semver"}]}], "datePublic": "2024-04-16T23:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The </span><code>JsonToBinaryStream()</code><span style=\"background-color: rgb(255, 255, 255);\"> function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed. </span><br>"}], "value": "The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0\n"}], "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-05-03T12:58:39.449Z"}, "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}], "source": {"discovery": "UNKNOWN"}, "title": "Use after free in C++ protobuf", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "google", "product": "protobuf", "cpes": ["cpe:2.3:a:google:protobuf:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.22.0", "status": "affected", "lessThan": "4.25.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T16:52:45.662270Z", "id": "CVE-2024-2410", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T16:55:13.267Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.511Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.511Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2410", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-13T16:52:45.662270Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:google:protobuf:-:*:*:*:*:*:*:*"], "vendor": "google", "product": "protobuf", "versions": [{"status": "affected", "version": "4.22.0", "lessThan": "4.25.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T16:55:05.631Z"}}], "cna": {"title": "Use after free in C++ protobuf", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/protocolbuffers/protobuf", "vendor": "protocolbuffers", "product": "protobuf", "versions": [{"status": "affected", "version": "4.22.0", "lessThan": "4.25.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2024-04-16T23:00:00.000Z", "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The </span><code>JsonToBinaryStream()</code><span style=\"background-color: rgb(255, 255, 255);\"> function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed. </span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-05-03T12:58:39.449Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2410", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:11:53.511Z", "dateReserved": "2024-03-12T23:26:10.660Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2024-05-03T12:58:39.449Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:*", "matchCriteriaId": "8069127C-4FD6-4E80-A84A-28090748ACFC", "versionEndExcluding": "4.25.0", "versionStartIncluding": "4.22.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0\n"}, {"lang": "es", "value": "La funci\u00f3n JsonToBinaryStream() es parte de la implementaci\u00f3n de los b\u00faferes de protocolo C++ y se utiliza para analizar JSON de una secuencia. Si la entrada se divide en fragmentos separados de cierta manera, el analizador intentar\u00e1 leer bytes de un fragmento que ya ha sido liberado."}], "id": "CVE-2024-2410", "lastModified": "2025-07-22T21:05:38.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-05-03T13:15:21.700", "references": [{"source": "[email protected]", "tags": ["Release Notes"], "url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "protobuf: Use-after-free in JsonToBinaryStream()", "id": "2278918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278918"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-416", "details": ["The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0", "A flaw was found in protobuf, the protocol buffer C++ implementation. A use-after-free can be triggered when reading a crafted JSON input split into separate chunks with the JsonToBinaryStream function. A successful attack may result in data leak or corruption or cause the application to crash."], "mitigation": {"lang": "en:us", "value": "Do not parse a JSON input split into separated chunks using the JsonToBinaryStream function."}, "name": "CVE-2024-2410", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python3x-protobuf", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python-protobuf", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "fence-agents", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Out of support scope", "package_name": "protobuf", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "protobuf", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2024-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-2410\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2410\nhttps://github.com/advisories/GHSA-h86c-v8g6-46f2"], "statement": "The protobuf package, as shipped in Red Hat Enterprise Linux 7, 8 and 9, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of protobuf.", "threat_severity": "Moderate"}