Ion Java StackOverflow vulnerability
CVE-2024-21634
What is CVE-2024-21634?
A potential denial-of-service vulnerability exists in the Amazon Ion library, specifically in ion-java versions prior to 1.10.5. The issue affects applications that deserialize Ion text-encoded data, or that convert Ion text or binary data into the IonValue model. Ion data crafted by an attacker and loaded into an affected application can trigger a StackOverflowError when specific IonValue methods are invoked. To mitigate this issue, avoid processing data from untrusted sources or data that may have been compromised. Users are strongly advised to upgrade to ion-java version 1.10.5 or later, which contains the fix.
Affected Version(s)
ion-java < 1.10.5
News Articles
References
CVSS V3.1
Timeline
First article discovered by iTnews
Vulnerability published
Vulnerability Reserved