Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15617 advisory.

  - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups /     series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups     as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map     fields, creates unbounded recursions that can be abused by an attacker. (CVE-2024-7254)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3746-1 advisory.

    - CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3747-1 advisory.

    - CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3745-1 advisory.

    - CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
209626	Atlassian Jira Service Management Data Center and Server 5.4.x < 5.4.27, 5.12.x < 5.12.14 / 5.13.x < 5.17.4 / 10.0.x < 10.1.1 (JSDSERVER-15617)	Nessus	Misc.	high
209544	SUSE SLED15 / SLES15 Security Update : protobuf (SUSE-SU-2024:3746-1)	Nessus	SuSE Local Security Checks	high
209543	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : protobuf (SUSE-SU-2024:3747-1)	Nessus	SuSE Local Security Checks	high
209542	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : protobuf (SUSE-SU-2024:3745-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2024-7254

high

Tenable Plugins

high

high

high

high