Bug 2278918 (CVE-2024-2410)

Summary: CVE-2024-2410 protobuf: Use-after-free in JsonToBinaryStream()
Product: [Other] Security Response
Reporter: Marco Benatto <mbenatto>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: aarif, adudiak, agarcial, aoconnor, aprice, asegurap, bdettelb, caswilli, dfreiber, dkuc, drow, eglynn, epacific, fjansen, hkataria, jburrell, jcammara, jhardy, jjoyce, jmitchel, jneedle, jobarker, jschluet, jsherril, jtanner, kaycoth, kholdawa, kshier, lhh, lsvaty, luizcosta, mabashia, mburns, mgarciac, mkleinhe, mpierce, nweather, oezr, omaciel, orabin, pgrist, rbobbitt, sidakwo, simaishi, smcdonal, stcannon, teagle, vkumar, yguenane, zsadeh
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: protobuf 4.25.0
Doc Text:
A flaw was found in protobuf, the protocol buffer C++ implementation. A use-after-free can be triggered when reading a crafted JSON input split into separate chunks with the JsonToBinaryStream function. A successful attack may result in data leak or corruption or cause the application to crash.
Bug Depends On: 2278920, 2278921, 2278922, 2278923    
Bug Blocks: 2278928    

Description Marco Benatto 2024-05-03 18:18:00 UTC
The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed.

References:
https://github.com/advisories/GHSA-h86c-v8g6-46f2
https://github.com/protocolbuffers/protobuf/releases/tag/v25.0
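
The buffer-lifetime rule behind this class of bug, as an added example that is not part of the bug report and is not protobuf's code. It models a chunked source whose `Next()` frees the previous chunk, and a reader that copies token bytes into owned storage before advancing, while reporting when a token crossed a chunk boundary (the case where a retained view into the earlier chunk would dangle). `ChunkSource`, `TokenResult` and `ReadStringToken` are hypothetical names, and the page does not state the exact chunking that triggers CVE-2024-2410.

```cpp
// Added illustration, not protobuf source; all names here are hypothetical.
#include <memory>
#include <string>
#include <string_view>
#include <utility>
#include <vector>
// Chunked input whose Next() releases the previous chunk before handing
// out the next one, so any view into the old chunk dangles afterwards.
class ChunkSource {
 public:
  explicit ChunkSource(std::vector<std::string> c) : chunks_(std::move(c)) {}
  bool Next(std::string_view* out) {
    current_.reset();  // storage behind every earlier view is freed here
    ++generation_;
    if (index_ >= chunks_.size()) return false;
    current_ = std::make_unique<std::string>(chunks_[index_++]);
    *out = *current_;
    return true;
  }
  unsigned generation() const { return generation_; }
 private:
  std::vector<std::string> chunks_;
  std::unique_ptr<std::string> current_;
  unsigned index_ = 0, generation_ = 0;
};
struct TokenResult {
  bool ok;              // closing quote was found
  std::string token;    // owned copy of the string contents
  bool spanned_chunks;  // a start-of-token view would have dangled
};
// Reads the first double-quoted string (escapes not handled). Each byte is
// copied into owned storage before Next() can free the chunk it came from.
TokenResult ReadStringToken(ChunkSource& src) {
  std::string token;
  std::string_view buf;
  unsigned start_gen = 0;  // generation in which the opening quote was seen
  while (src.Next(&buf)) {
    for (char c : buf) {
      if (start_gen == 0) {
        if (c == '"') start_gen = src.generation();
      } else if (c != '"') {
        token.push_back(c);
      } else {
        return {true, token, start_gen != src.generation()};
      }
    }
  }
  return {false, token, start_gen != 0};  // unterminated: start chunk is gone
}
```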

Comment 1 Marco Benatto 2024-05-03 18:25:52 UTC
Created mingw-protobuf tracking bugs for this issue:

Affects: fedora-all [bug 2278921]


Created protobuf tracking bugs for this issue:

Affects: fedora-all [bug 2278920]