CVE-2024-4420 - Vulnerability Details - OpenCVE

There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object. * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow. We recommend upgrading to version 2.1.3 or above

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/tink-crypto/tink-cc/issues/4

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2024-05-21T11:52:28.398Z

Updated: 2024-08-01T20:40:47.073Z

Reserved: 2024-05-02T11:15:28.604Z

Link: CVE-2024-4420

Vulnrichment

Updated: 2024-08-01T20:40:47.073Z

NVD

Status : Awaiting Analysis

Published: 2024-05-21T12:15:08.627

Modified: 2024-11-21T09:42:47.737

Link: CVE-2024-4420

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4420", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2024-05-02T11:15:28.604Z", "datePublished": "2024-05-21T11:52:28.398Z", "dateUpdated": "2024-08-01T20:40:47.073Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/tink-crypto/tink-cc/", "defaultStatus": "unaffected", "packageName": "Tink-cc", "product": "Tink", "repo": "https://github.com/tink-crypto", "vendor": "Google", "versions": [{"lessThan": "2.1.3", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}, {"collectionURL": "https://github.com/google/tink", "defaultStatus": "unaffected", "packageName": "Tink-crypto (legacy)", "product": "Tink (Legacy)", "repo": "https://github.com/google/tink", "vendor": "Google", "versions": [{"lessThanOrEqual": "1.7.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2024-05-02T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. <ul><li>An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object.</li></ul><ul><li>An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow.</li></ul>We recommend upgrading to version 2.1.3 or above"}], "value": "There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.\u00a0 * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object.\n\n\n * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow.\n\n\nWe recommend upgrading to version 2.1.3 or above"}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:N/AU:Y/V:D/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-05-21T14:49:17.375Z"}, "references": [{"url": "https://github.com/tink-crypto/tink-cc/issues/4"}], "source": {"discovery": "INTERNAL"}, "title": "Denial of Service in Tink-cc", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4420", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:01:39.524101Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:55:38.346Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:47.073Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/tink-crypto/tink-cc/issues/4", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/tink-crypto/tink-cc/issues/4", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:40:47.073Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4420", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T15:01:39.524101Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-21T15:02:12.000Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Denial of Service in Tink-cc", "source": {"discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:N/AU:Y/V:D/RE:L/U:Green", "providerUrgency": "GREEN", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/tink-crypto", "vendor": "Google", "product": "Tink", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.1.3", "versionType": "semver"}], "packageName": "Tink-cc", "collectionURL": "https://github.com/tink-crypto/tink-cc/", "defaultStatus": "unaffected"}, {"repo": "https://github.com/google/tink", "vendor": "Google", "product": "Tink (Legacy)", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.7.0"}], "packageName": "Tink-crypto (legacy)", "collectionURL": "https://github.com/google/tink", "defaultStatus": "unaffected"}], "datePublic": "2024-05-02T10:00:00.000Z", "references": [{"url": "https://github.com/tink-crypto/tink-cc/issues/4"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.\u00a0 * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object.\n\n\n * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow.\n\n\nWe recommend upgrading to version 2.1.3 or above", "supportingMedia": [{"type": "text/html", "value": "There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. <ul><li>An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object.</li></ul><ul><li>An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow.</li></ul>We recommend upgrading to version 2.1.3 or above", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-05-21T14:49:17.375Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4420", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:40:47.073Z", "dateReserved": "2024-05-02T11:15:28.604Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2024-05-21T11:52:28.398Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.\u00a0 * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object.\n\n\n * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow.\n\n\nWe recommend upgrading to version 2.1.3 or above"}, {"lang": "es", "value": " Existe una vulnerabilidad de denegaci\u00f3n de servicio en Tink-cc en versiones anteriores a la 2.1.3. * Un adversario puede bloquear archivos binarios usando crypto::tink::JsonKeysetReader en tink-cc al proporcionar una entrada que no es un objeto JSON codificado, pero que sigue siendo un elemento JSON codificado v\u00e1lido, por ejemplo, un n\u00famero o una matriz. Esto fallar\u00e1 ya que Tink simplemente asume que cualquier entrada JSON v\u00e1lida contendr\u00e1 un objeto. * Un adversario puede bloquear archivos binarios usando crypto::tink::JsonKeysetReader en tink-cc al proporcionar una entrada que contiene muchos objetos JSON anidados. Esto puede provocar un desbordamiento de la pila. Recomendamos actualizar a la versi\u00f3n 2.1.3 o superior."}], "id": "CVE-2024-4420", "lastModified": "2024-11-21T09:42:47.737", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "recovery": "NOT_DEFINED", "safety": "NEGLIGIBLE", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:D/RE:L/U:Green", "version": "4.0", "vulnerabilityResponseEffort": "LOW", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2024-05-21T12:15:08.627", "references": [{"source": "cve-coordination@google.com", "url": "https://github.com/tink-crypto/tink-cc/issues/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/tink-crypto/tink-cc/issues/4"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}