
Multiple Google Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-7254 CVSS:7.5

Google Protocol Buffers (a.k.a. protobuf) is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-45601 CVSS:7.5

Google Mesop could allow a remote attacker to include arbitrary files. An attacker could send a specially crafted URL request to the file serving function to specify a malicious file from the local system, which could allow the attacker to obtain sensitive information from the vulnerable Web server. Note: In order to exploit this vulnerability to execute arbitrary code using a local file, the attacker would first be required to upload a malicious file or inject arbitrary code into an existing file.
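The file-inclusion class described for CVE-2024-45601, shown as an added example that is not Mesop's code and not part of the original advisory: a generic file-serving path resolver in its weak form beside a hardened form that confines requests to the served directory. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def resolve_unsafe(base_dir: str, requested: str) -> str:
    # Weak pattern: the request path is joined to the base directory as-is,
    # so parent-directory segments or an absolute path escape base_dir.
    return os.path.normpath(os.path.join(base_dir, requested))

def resolve_safe(base_dir: str, requested: str) -> Path:
    # Hardened pattern: resolve symlinks and ".." first, then require the
    # result to be inside base_dir and to be a regular file.
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if not target.is_relative_to(base):
        raise PermissionError(f"path escapes served directory: {requested!r}")
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target

def build_sample_tree() -> tuple[str, str]:
    # Constructed sample layout: <root>/static/app.js may be served,
    # <root>/secret.env sits outside the served directory.
    root = tempfile.mkdtemp()
    static = os.path.join(root, "static")
    os.mkdir(static)
    Path(static, "app.js").write_text("console.log('ok');")
    Path(root, "secret.env").write_text("API_KEY=constructed-sample")
    return root, static

def check_requests(static: str, requests: list[str]) -> dict[str, str]:
    # Verdict of the hardened resolver for each requested path.
    results = {}
    for req in requests:
        try:
            resolve_safe(static, req)
            results[req] = "served"
        except (PermissionError, FileNotFoundError) as exc:
            results[req] = type(exc).__name__
    return results

if __name__ == "__main__":
    root, static = build_sample_tree()
    secret = os.path.join(root, "secret.env")
    verdicts = check_requests(static, ["app.js", "../secret.env", secret])
    for req, verdict in verdicts.items():
        print(f"{req!r}: unsafe -> {resolve_unsafe(static, req)}, safe -> {verdict}")
```

The containment check runs after resolution, so a symlink inside the served directory that points outside it is rejected as well.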

Impact

  • Denial of Service
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-7254
  • CVE-2024-45601

Affected Vendors

Google

Affected Products

  • Google Protocol Buffers - 3.25.4
  • Google Protocol Buffers - 4.27.4
  • Google Protocol Buffers - 4.28.1
  • Google Mesop - 0.12.3

Remediation

Upgrade to the latest version, available from the Git repository.

CVE-2024-7254

CVE-2024-45601