Medium severity5.8OSV Advisory· Published Mar 16, 2025· Updated Apr 15, 2026
CVE-2024-58103
CVE-2024-58103
Description
Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.squareup.wire:wire-runtimeMaven | < 5.2.0 | 5.2.0 |
Affected products
14- osv-coords13 versionspkg:apk/chainguard/apache-nifipkg:apk/chainguard/apache-nifi-compatpkg:apk/chainguard/apache-nifi-toolkitpkg:apk/chainguard/apicurio-registrypkg:apk/chainguard/apicurio-registry-nginx-configpkg:apk/chainguard/apicurio-registry-uipkg:apk/wolfi/apache-nifipkg:apk/wolfi/apache-nifi-compatpkg:apk/wolfi/apache-nifi-toolkitpkg:apk/wolfi/apicurio-registrypkg:apk/wolfi/apicurio-registry-nginx-configpkg:apk/wolfi/apicurio-registry-uipkg:maven/com.squareup.wire/wire-runtime
< 2.3.0-r3+ 12 more
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 3.1.2-r0
- (no CPE)range: < 3.1.2-r0
- (no CPE)range: < 3.1.2-r0
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 2.3.0-r3
- (no CPE)range: < 3.1.2-r0
- (no CPE)range: < 3.1.2-r0
- (no CPE)range: < 3.1.2-r0
- (no CPE)range: < 5.2.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.