{"uuid": "a216f66c-4d16-49f7-9b86-f08fecbdbecb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7254", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12554", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-7254\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Any project that parses untrusted Protocol Buffers data\u00a0containing an arbitrary number of nested groups / series of SGROUP\u00a0tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.\n\ud83d\udccf Published: 2024-09-19T00:18:45.824Z\n\ud83d\udccf Modified: 2025-04-19T00:11:07.841Z\n\ud83d\udd17 References:\n1. https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa", "creation_timestamp": "2025-04-19T00:59:44.000000Z"}