VYPR

Wire

by Square

Source repositories

CVEs (2)

  • CVE-2026-45799higMay 19, 2026
    risk 0.38cvss epss 0.00

    # CVE-2026-45799 ## Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of…

  • CVE-2024-58103MedMar 16, 2025
    risk 0.31cvss 5.8epss 0.00

    Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.