{"id":"CVE-2024-2410","details":"The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. If the input is broken up into separate chunks in a certain way, the parser will attempt to read bytes from a chunk that has already been freed. \n","modified":"2026-03-13T15:00:14.790455Z","published":"2024-05-03T13:15:21.700Z","related":["SUSE-SU-2025:20155-1","SUSE-SU-2025:20672-1"],"references":[{"type":"ADVISORY","url":"https://github.com/protocolbuffers/protobuf/releases/tag/v25.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/google/protobuf","events":[{"introduced":"a847a8dc4ba1d99e7ba917146c84438b4de7d085"},{"fixed":"6b5d8db01fe47478e8d400f550e797e6230d464e"}],"database_specific":{"versions":[{"introduced":"4.22.0"},{"fixed":"4.25.0"}]}},{"type":"GIT","repo":"https://github.com/protocolbuffers/protobuf","events":[{"introduced":"0"},{"fixed":"6b5d8db01fe47478e8d400f550e797e6230d464e"}]}],"versions":["3.15.0-rc1","conformance-build-tag","v2.4.1","v2.5.0","v2.6.0","v2.6.1","v2.6.1rc1","v21.0","v21.0-rc1","v21.0-rc2","v21.1","v21.10","v21.11","v21.12","v21.2","v21.3","v21.4","v21.5","v21.6","v21.9","v22.0","v22.0-rc1","v22.0-rc2","v22.0-rc3","v22.1","v22.2","v22.3","v23.0","v23.0-rc1","v23.0-rc2","v23.0-rc3","v24.0","v24.0-rc1","v24.0-rc2","v24.0-rc3","v25.0-rc1","v25.0-rc2","v3.0.0","v3.0.0-alpha-1","v3.0.0-alpha-2","v3.0.0-alpha-3","v3.0.0-alpha-4","v3.0.0-beta-1","v3.0.0-beta-1-bzl-fix","v3.0.0-beta-2","v3.0.0-beta-3","v3.0.0-beta-3-pre-1","v3.0.0-beta-4","v3.0.2","v3.1.0","v3.1.0-alpha-1","v3.10.0","v3.10.0-rc1","v3.11.0","v3.11.0-rc1","v3.11.0-rc2","v3.11.1","v3.11.2","v3.11.3","v3.11.4","v3.12.0","v3.12.0-rc1","v3.12.0-rc2","v3.12.1","v3.12.2","v3.12.3","v3.13.0","v3.13.0-rc3","v3.13.0.1","v3.14.0","v3.14.0-rc1","v3.14.0-rc2","v3.14.0-rc3","v3.15.0","v3.15.0-rc1","v3.15.0-rc2","v3.15.1","v3.15.2","v3.15.3","v3.15.4","v3.15.5","v3.15.6","v3.15.7","v3.15.8","v3.16.0","v3.16.0-rc1","v3.16.0-rc2","v3.17.0","v3.17.0-rc1","v3.17.0-rc2","v3.17.1","v3.17.2","v3.17.3","v3.18.0","v3.18.0-rc1","v3.18.0-rc2","v3.18.1","v3.19.0","v3.19.0-rc1","v3.19.0-rc2","v3.19.1","v3.19.2","v3.19.3","v3.19.4","v3.20.0","v3.20.0-rc1","v3.20.0-rc2","v3.20.0-rc3","v3.20.1","v3.20.1-rc1","v3.21.0","v3.21.0-rc2","v3.21.1","v3.21.10","v3.21.11","v3.21.12","v3.21.2","v3.21.3","v3.21.4","v3.21.5","v3.21.6","v3.21.9","v3.22.0","v3.22.0-rc1","v3.22.0-rc2","v3.22.0-rc3","v3.22.1","v3.22.2","v3.22.3","v3.23.0","v3.23.0-rc1","v3.23.0-rc2","v3.23.0-rc3","v3.24.0","v3.24.0-rc1","v3.24.0-rc2","v3.24.0-rc3","v3.25.0-rc1","v3.25.0-rc2","v3.3.0","v3.3.0rc1","v3.3.1","v3.3.2","v3.4.0","v3.4.0rc1","v3.4.0rc2","v3.4.0rc3","v3.4.1","v3.5.0","v3.5.0.1","v3.5.1","v3.5.2","v3.6.0","v3.6.0.1","v3.6.0rc1","v3.6.0rc2","v3.6.1","v3.7.0","v3.7.0-rc.2","v3.7.0-rc.3","v3.7.0rc1","v3.7.0rc2","v3.7.1","v3.8.0","v3.8.0-rc1","v3.9.0-rc1","v4.22.0","v4.22.0-rc1","v4.22.0-rc2","v4.22.0-rc3","v4.22.1","v4.22.2","v4.22.3","v4.23.0","v4.23.0-rc1","v4.23.0-rc2","v4.23.0-rc3","v4.24.0","v4.24.0-rc1","v4.24.0-rc2","v4.24.0-rc3","v4.25.0-rc1","v4.25.0-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-2410.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}