The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
encoding/protojson, internal/encoding/json: handle missing object values
In internal/encoding/json, report an error when encountering a } when we are expecting an object field value. The input {"":} now correctly results in an error at the closing } token.
In encoding/protojson, check for an unexpected EOF token in skipJSONValue. This is redundant with the check in internal/encoding/json, but adds a bit more defense against any other similar bugs that might exist.
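The two checks described in the commit message, sketched as an added Go example (not code from protobuf-go): a toy tokenizer that rejects } where an object field value is expected, and a depth-counting skipper that treats EOF as an error instead of reading again. The names read, skipValue and errEOF are hypothetical, and the tokenizer validates nothing beyond that one rule.

```go
package main

import (
	"fmt"
	"strings"
)
var errEOF = fmt.Errorf("unexpected EOF")
// read is a toy tokenizer (hypothetical, not protobuf-go's; escapes, scalars and
// bracket pairing are unchecked). It returns the token's first byte, or 0 at EOF.
func read(in string, wantValue bool) (byte, string, error) {
	in = strings.TrimLeft(in, " \t\r\n")
	if in == "" {
		return 0, in, nil // a caller that ignores this 0 would never advance
	}
	c, n := in[0], 1
	if wantValue && strings.IndexByte("}],:", c) >= 0 {
		return 0, in, fmt.Errorf("unexpected %q, want a value", c) // tokenizer check
	}
	if c == '"' {
		if n = strings.IndexByte(in[1:], '"') + 2; n < 2 {
			return 0, in, errEOF // unterminated string
		}
	} else if strings.IndexByte("{}[],:", c) < 0 {
		n = strings.IndexAny(in+",", " \t\r\n{}[],:") // scalar runs to next delimiter
	}
	return c, in[n:], nil
}

// skipValue discards one JSON value from s by counting nesting depth.
func skipValue(s string) (err error) {
	for depth, tok := 0, byte(':'); ; { // ':' marks "a value must come next"
		switch tok, s, err = read(s, tok == ':'); {
		case err != nil:
			return err
		case tok == 0:
			return errEOF // skipper check: EOF mid-value is an error, not a retry
		case tok == '{' || tok == '[':
			depth++
		case tok == '}' || tok == ']':
			depth--
		}
		if depth == 0 {
			return nil
		}
	}
}

func main() {
	fmt.Println(skipValue(`{"a":[1,{"b":null}]}`), skipValue(`{"":}`), skipValue(`{"a":[1,`))
}
```

Every call to read either consumes at least one byte or returns 0 or an error, so skipValue terminates on any input, including the constructed samples in main.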
CVE-2024-24786 CWE-835