VYPR
High severityNVD Advisory· Published Jan 3, 2024· Updated Nov 3, 2025

Ion Java StackOverflow vulnerability

CVE-2024-21634

Description

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in ion-java for applications that use ion-java to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the IonValue model, results in a StackOverflowError originating from the ion-java library. The patch is included in ion-java 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.amazon.ion:ion-javaMaven
< 1.10.51.10.5
software.amazon.ion:ion-javaMaven
>= 0

Affected products

54

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.