CVE-2024-2410— Use after free in C++ protobuf
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-2410
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use after free in C++ protobuf
Source: NVD (National Vulnerability Database)
Vulnerability Description
The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google protobuf 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google protobuf是美国谷歌(Google)公司的一种数据交换格式。 Google protobuf 存在安全漏洞,该漏洞源于 C++ JSON 解析器中存在安全问题,在某些情况下,恶意 JSON 输入可能会导致解析器将已释放的数据复制到错误消息中。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| protocolbuffers | protobuf | 4.22.0 ~ 4.25.0 | - |
II. Public POCs for CVE-2024-2410
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-2410
请登录查看更多情报信息。
IV. Related Vulnerabilities
V. Comments for CVE-2024-2410
No comments yet