Recursion Limit Bypass in Square Wire Product
CVE-2024-58103
5.8MEDIUM
What is CVE-2024-58103?
The vulnerability in Square Wire prior to version 5.2.0 arises from the lack of enforcement of a recursion limit for nested groups in the ByteArrayProtoReader32.kt and ProtoReader.kt components. This oversight could lead to a Denial of Service (DoS) in applications utilizing this library, as excessive nesting may cause crashes or resource exhaustion during data parsing operations.
Affected Version(s)
Wire 0 < 5.2.0
