{"id":"CVE-2024-58103","details":"Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.","aliases":["GHSA-pwf9-q62p-v7wc"],"modified":"2026-04-09T10:31:10.475306Z","published":"2025-03-16T04:15:12.313Z","related":["CGA-2xxm-qjch-vq47"],"references":[{"type":"WEB","url":"https://github.com/square/wire/compare/5.1.0...5.2.0"},{"type":"FIX","url":"https://github.com/square/wire/commit/b90e60c09befaff836a2fc2ee4d678451b2ec75d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/square/wire","events":[{"introduced":"0"},{"fixed":"8166872e3844963523fb34b191ee59e69bd8f007"},{"fixed":"b90e60c09befaff836a2fc2ee4d678451b2ec75d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.2.0"}]}}],"versions":["3.0.0","3.0.0-alpha01","3.0.0-alpha02","3.0.0-alpha03","3.0.0-rc01","3.0.0-rc02","3.0.0-rc03","3.0.2","3.0.3","3.3.0","3.3.0-alpha1","3.3.0-alpha2","3.4.0","3.5.0","3.5.1-alpha1","3.5.1-alpha2","3.6.0","3.6.0-alpha1","3.6.1","3.6.1-alpha1","3.7.0","3.8.0-alpha1","4.0.0","4.0.0-alpha.10","4.0.0-alpha.11","4.0.0-alpha.15","4.0.0-alpha.16","4.0.0-alpha.17","4.0.0-alpha.18","4.0.0-alpha.2","4.0.0-alpha.20","4.0.0-alpha.3","4.0.0-alpha.4","4.0.0-alpha.5","4.0.0-alpha.6","4.0.0-alpha.7","4.0.0-alpha.8","4.0.0-alpha.9","4.0.0-alpha1","4.0.0-alpha12","4.0.0-alpha13","4.0.1","4.1.0","4.1.1","4.2.0","4.3.0","4.4.0","4.4.1","4.4.2","4.4.3","4.5.0","4.5.1","4.5.2","4.5.3","4.5.4","4.5.5","4.5.6","4.6.0","4.6.1","4.6.2","4.7.0","4.7.1","4.7.2","4.8.0","4.8.1","4.9.0","4.9.1","4.9.1-square01","4.9.2","4.9.2-square02","4.9.2-square03","4.9.2-square04","4.9.3","4.9.3-square01","4.9.4","4.9.4-square01","4.9.4-square02","4.9.5","4.9.6","5.0.0","5.0.0-alpha.square.6","5.0.0-alpha.square.7","5.0.0-alpha.square.8","5.0.0-alpha.square.9","5.0.0-alpha01","5.0.0-alpha02","5.0.0-alpha02-square01","5.0.0-alpha02-square02","5.0.0-alpha03","5.0.0-alpha04","5.1.0","5.1.1-alpha.20240917.084212.96bbc3907","5.1.1-alpha.20240920.094122.b98afbb7d.1304","5.1.1-alpha.20241004.194750.5a2084117","5.1.1-alpha.20241016.095539.16b796241","5.1.1-alpha.20241017.175147.633cf04b4","5.1.1-alpha.20241127.134142.06e7597bb.v2","5.1.1-alpha.20241206.191847.01e8f3013","parent-3.0.0-rc02","parent-3.0.1","parent-3.1.0","parent-3.2.0","parent-3.2.1","parent-3.2.2","parent-4.0.0-alpha.12","parent-4.0.0-alpha.13","parent-4.0.0-alpha.14","parent-4.0.0-alpha.15","parent-4.0.0-alpha13","wire-1.0.0","wire-1.0.1","wire-1.1.0","wire-1.1.1","wire-1.2.0","wire-1.3.0","wire-1.3.1","wire-1.3.2","wire-1.3.3","wire-1.4.0","wire-1.5.0","wire-1.5.1","wire-1.5.2","wire-1.6.0","wire-1.6.1","wire-1.7.0","wire-1.8.0","wire-2.0.0","wire-2.0.0-BETA1","wire-2.0.0-BETA10","wire-2.0.0-BETA2","wire-2.0.0-BETA3","wire-2.0.0-BETA4","wire-2.0.0-BETA5","wire-2.0.0-BETA6","wire-2.0.0-BETA7","wire-2.0.0-BETA8","wire-2.0.0-BETA9","wire-2.0.1","wire-2.0.2","wire-2.0.3","wire-2.1.0","wire-2.1.1","wire-2.1.2","wire-2.2.0","wire-2.3.0-RC1","wire-3.0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-58103.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}]}