CVE-2024-7254: Stack overflow in Protocol Buffers Java Lite

EPSS 0.10% · P28

I. Basic Information for CVE-2024-7254

Vulnerability Information

Vulnerability Title
Stack overflow in Protocol Buffers Java Lite
Source: NVD (National Vulnerability Database)
Vulnerability Description
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Protocol Buffers security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
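Protocol Buffers is an open-source data interchange format from Google. Protocol Buffers contains a security vulnerability: any project that parses untrusted Protocol Buffers data may be compromised by a buffer overflow.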
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|--------|---------|-------------------|-----|
| Google | Protocol Buffers | 0 ~ 28.2 | - |
| Google | protobuf-java | 0 ~ 3.25.5 | - |
| Google | protobuf-javalite | 0 ~ 3.25.5 | - |
| Google | protobuf-kotlin | 0 ~ 3.25.5 | - |
| Google | protobuf-kotlin-lite | 0 ~ 3.25.5 | - |
| Google | google-protobuf [JRuby Gem] | 0 ~ 3.25.5 | - |

II. Public POCs for CVE-2024-7254

No public POC found.
