PT-2024-3764 · Google+10 · Golang-Google-Protobuf+10

Published: 2024-03-05 · Updated: 2026-05-21 · CVE-2024-24786

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: golang-google-protobuf (affected versions not specified)
Description: The issue is related to the protojson.Unmarshal() function in the golang-google-protobuf package, which can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message that contains a google.protobuf.Any value or when the UnmarshalOptions.DiscardUnknown option is set. Exploitation of this issue can allow a remote attacker to cause a denial of service.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Infinite Loop


Weakness Enumeration

Related Identifiers

ALSA-2024:2548
ALSA-2024:2549
ALSA-2024:2550
ALSA-2024:3254
ALSA-2024:4246
ALT-PU-2024-12202
ALT-PU-2024-12410
ALT-PU-2024-13291
ALT-PU-2024-13881
ALT-PU-2024-4646
ALT-PU-2024-4734
ALT-PU-2024-7024
ALT-PU-2024-8461
ALT-PU-2024-8463
ALT-PU-2024-8464
ALT-PU-2024-8542
ALT-PU-2024-8544
ALT-PU-2024-8545
ALT-PU-2024-8807
ALT-PU-2024-8809
ALT-PU-2024-8812
ALT-PU-2024-9408
ALT-PU-2024-9897
ALT-PU-2025-13603
ALT-PU-2025-8447
AZL-35551
AZL-35554
AZL-35556
AZL-35558
AZL-35560
AZL-35561
AZL-35563
AZL-35576
AZL-35577
AZL-35578
AZL-35579
AZL-35580
AZL-35581
AZL-35582
AZL-35583
AZL-35584
AZL-35585
AZL-35591
AZL-35592
AZL-35593
AZL-35594
AZL-35597
AZL-35598
AZL-35599
AZL-35600
AZL-35601
AZL-35633
AZL-35634
AZL-35635
AZL-35636
AZL-35637
AZL-35638
AZL-35639
AZL-35640
AZL-35641
AZL-35642
AZL-35643
AZL-35644
AZL-35645
AZL-35651
AZL-35657
AZL-35658
AZL-35659
AZL-35660
AZL-35661
AZL-35662
AZL-35663
AZL-35664
AZL-35665
AZL-35666
AZL-35667
AZL-35668
AZL-35669
AZL-35670
AZL-35671
AZL-35672
AZL-35673
AZL-35674
AZL-35783
AZL-37119
AZL-39975
AZL-39981
BDU:2024-04111
CESA-2024_3254
CESA-2024_4246
CLEANSTART-2026-BK17545
CLEANSTART-2026-EC57959
CLEANSTART-2026-EJ93145
CLEANSTART-2026-FU47971
CLEANSTART-2026-GG94489
CLEANSTART-2026-HV28992
CLEANSTART-2026-HX94762
CLEANSTART-2026-HZ73294
CLEANSTART-2026-JT73156
CLEANSTART-2026-SQ68600
CLEANSTART-2026-TL66481
CLEANSTART-2026-WB86581
CVE-2024-24786
ECHO-A54D-8085-198D
GHSA-8R3F-844C-MC37
GO-2024-2611
INFSA-2024_2548
INFSA-2024_2549
INFSA-2024_2550
INFSA-2024_4246
OESA-2024-1380
OESA-2024-1381
OESA-2024-1382
OESA-2025-1689
OPENSUSE-SU-2024:13781-1
OPENSUSE-SU-2024:13814-1
OPENSUSE-SU-2024:13838-1
OPENSUSE-SU-2024:13839-1
OPENSUSE-SU-2024:13840-1
OPENSUSE-SU-2024:13841-1
OPENSUSE-SU-2024_2031-1
OPENSUSE-SU-2024_2050-1
OPENSUSE-SU-2024_2090-1
OPENSUSE-SU-2024_3094-1
OPENSUSE-SU-2024_3097-1
OPENSUSE-SU-2024_3098-1
OPENSUSE-SU-2024_3120-1
OPENSUSE-SU-2024_3151-1
OPENSUSE-SU-2024_3186-1
OPENSUSE-SU-2024_3341-1
OPENSUSE-SU-2024_3342-1
OPENSUSE-SU-2024_3343-1
OPENSUSE-SU-2024_3344-1
OPENSUSE-SU-2025:14663-1
RHSA-2024:0043
RHSA-2024:0045
RHSA-2024:1456
RHSA-2024:1461
RHSA-2024:1563
RHSA-2024:1574
RHSA-2024:1874
RHSA-2024:2548
RHSA-2024:2549
RHSA-2024:2550
RHSA-2024:3254
RHSA-2024:3634
RHSA-2024:3635
RHSA-2024:3636
RHSA-2024:3715
RHSA-2024:4246
RHSA-2024:4597
RHSA-2024_1874
RHSA-2024_2548
RHSA-2024_2549
RHSA-2024_2550
RHSA-2024_3254
RHSA-2024_4246
RLSA-2024:2548
RLSA-2024:2549
RLSA-2024:2550
RLSA-2024:3254
SUSE-SU-2024:2031-1
SUSE-SU-2024:2050-1
SUSE-SU-2024:2050-2
SUSE-SU-2024:2090-1
SUSE-SU-2024:3094-1
SUSE-SU-2024:3097-1
SUSE-SU-2024:3098-1
SUSE-SU-2024:3120-1
SUSE-SU-2024:3151-1
SUSE-SU-2024:3186-1
SUSE-SU-2024:3341-1
SUSE-SU-2024:3342-1
SUSE-SU-2024:3343-1
SUSE-SU-2024:3344-1
SUSE-SU-2024_2031-1
SUSE-SU-2024_2050-1
SUSE-SU-2024_2050-2
SUSE-SU-2024_2090-1
SUSE-SU-2025:20013-1
USN-6746-1
USN-6746-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Golang-Google-Protobuf