{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2410", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2024-03-12T23:26:10.660Z", "datePublished": "2024-05-03T12:58:39.449Z", "dateUpdated": "2024-08-01T19:11:53.511Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "protobuf", "repo": "https://github.com/protocolbuffers/protobuf", "vendor": "protocolbuffers", "versions": [{"lessThan": "4.25.0", "status": "affected", "version": "4.22.0", "versionType": "semver"}]}], "datePublic": "2024-04-16T23:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The </span><code>JsonToBinaryStream()</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.&nbsp;</span><br>"}], "value": "The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0\n"}], "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-05-03T12:58:39.449Z"}, "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}], "source": {"discovery": "UNKNOWN"}, "title": "Use after free in C++ protobuf", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "google", "product": "protobuf", "cpes": ["cpe:2.3:a:google:protobuf:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.22.0", "status": "affected", "lessThan": "4.25.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-13T16:52:45.662270Z", "id": "CVE-2024-2410", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T16:55:13.267Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.511Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:11:53.511Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2410", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-13T16:52:45.662270Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:google:protobuf:-:*:*:*:*:*:*:*"], "vendor": "google", "product": "protobuf", "versions": [{"status": "affected", "version": "4.22.0", "lessThan": "4.25.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-13T16:55:05.631Z"}}], "cna": {"title": "Use after free in C++ protobuf", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/protocolbuffers/protobuf", "vendor": "protocolbuffers", "product": "protobuf", "versions": [{"status": "affected", "version": "4.22.0", "lessThan": "4.25.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2024-04-16T23:00:00.000Z", "references": [{"url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The </span><code>JsonToBinaryStream()</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.&nbsp;</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-05-03T12:58:39.449Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2410", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:11:53.511Z", "dateReserved": "2024-03-12T23:26:10.660Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2024-05-03T12:58:39.449Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:*", "matchCriteriaId": "8069127C-4FD6-4E80-A84A-28090748ACFC", "versionEndExcluding": "4.25.0", "versionStartIncluding": "4.22.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0\n"}, {"lang": "es", "value": "La funci\u00f3n JsonToBinaryStream() es parte de la implementaci\u00f3n de los b\u00faferes de protocolo C++ y se utiliza para analizar JSON de una secuencia. Si la entrada se divide en fragmentos separados de cierta manera, el analizador intentar\u00e1 leer bytes de un fragmento que ya ha sido liberado."}], "id": "CVE-2024-2410", "lastModified": "2025-07-22T21:05:38.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "cve-coordination@google.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-03T13:15:21.700", "references": [{"source": "cve-coordination@google.com", "tags": ["Release Notes"], "url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{"bugzilla": {"description": "protobuf: Use-after-free in JsonToBinaryStream()", "id": "2278918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278918"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-416", "details": ["The JsonToBinaryStream()\u00a0function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.\u00a0", "A flaw was found in protobuf, the protocol buffer C++ implementation. A use-after-free can be triggered when reading a crafted JSON input split into separate chunks with the JsonToBinaryStream function. A successful attack may result in data leak or corruption or cause the application to crash."], "mitigation": {"lang": "en:us", "value": "Do not parse a JSON input split into separated chunks using the JsonToBinaryStream function."}, "name": "CVE-2024-2410", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python3x-protobuf", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "python-protobuf", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "fence-agents", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "protobuf", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Out of support scope", "package_name": "protobuf", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Will not fix", "package_name": "protobuf", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2024-05-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-2410\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2410\nhttps://github.com/advisories/GHSA-h86c-v8g6-46f2"], "statement": "The protobuf package, as shipped in Red Hat Enterprise Linux 7, 8 and 9, is not affected by this vulnerability because the vulnerable code was introduced in a newer version of protobuf.", "threat_severity": "Moderate"}