Medium severityOSV Advisory· Published Jan 27, 2026· Updated Apr 15, 2026

CVE-2026-24802

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in briandilley jsonrpc4j (src/main/java/com/googlecode/jsonrpc4j modules). This vulnerability is associated with program files NoCloseOutputStream.Java.

This issue affects jsonrpc4j: through 1.6.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.github.briandilley.jsonrpc4j:jsonrpc4jMaven	< 1.7.0	1.7.0

Affected products

Briandilley/Jsonrpc4jOSV
Range: 1.2.0, 1.3.0, 1.3.1, …

Patches

087f5268eaf9

Fix Buffer Overflow Vulnerability in RPC Stream Writer (#333)

https://github.com/briandilley/jsonrpc4jLim Sim YeeMay 20, 2025via ghsa

commit

1 file changed · +11 −1

src/main/java/com/googlecode/jsonrpc4j/NoCloseOutputStream.java+11 −1 modified

@@ -34,7 +34,17 @@ public void write(byte[] b) throws IOException {
 	 */
 	@Override
 	public void write(byte[] b, int off, int len) throws IOException {
-		this.ops.write(b, off, len);
+	    // Validate input parameters
+	    if (b == null) {
+	        throw new NullPointerException("Input byte array cannot be null");
+	    }
+	    
+	    if (off < 0 || len < 0 || off + len > b.length) {
+	        throw new ArrayIndexOutOfBoundsException("Invalid offset or length parameters");
+	    }
+	    
+	    // Only perform the write operation after validation
+	    this.ops.write(b, off, len);
 	}
 	
 	/**

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-hcx3-3q5c-r5v6ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-24802ghsaADVISORY
github.com/briandilley/jsonrpc4j/commit/087f5268eaf901f90d1e84062def77faa52ad8b2ghsaWEB
github.com/briandilley/jsonrpc4j/pull/333nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000