What is the severity of REDHAT-BUG-2304311?

REDHAT-BUG-2304311 is classified as a potential denial-of-service vulnerability affecting earlier versions of Amazon Ion.

How do I fix REDHAT-BUG-2304311?

To mitigate REDHAT-BUG-2304311, update to Amazon Ion version 1.10.5 or later.

What software is affected by REDHAT-BUG-2304311?

REDHAT-BUG-2304311 affects Amazon Ion and ion-java prior to version 1.10.5.

What type of vulnerability is REDHAT-BUG-2304311?

REDHAT-BUG-2304311 is a denial-of-service vulnerability related to deserialization issues in Amazon Ion.

When was REDHAT-BUG-2304311 reported?

REDHAT-BUG-2304311 was reported due to issues found in the implementation prior to the release of version 1.10.5.

Vulnerability/
REDHAT-BUG-2304311

high

13/8/2024

17/3/2025

REDHAT-BUG-2304311

First published: Tue Aug 13 2024(Updated: )

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.

Affected Software	Affected Version	How to fix
Amazon Ion for Java	<1.10.5
Amazon Ion for Java	<1.10.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2304311?
REDHAT-BUG-2304311 is classified as a potential denial-of-service vulnerability affecting earlier versions of Amazon Ion.
How do I fix REDHAT-BUG-2304311?
To mitigate REDHAT-BUG-2304311, update to Amazon Ion version 1.10.5 or later.
What software is affected by REDHAT-BUG-2304311?
REDHAT-BUG-2304311 affects Amazon Ion and ion-java prior to version 1.10.5.
What type of vulnerability is REDHAT-BUG-2304311?
REDHAT-BUG-2304311 is a denial-of-service vulnerability related to deserialization issues in Amazon Ion.
When was REDHAT-BUG-2304311 reported?
REDHAT-BUG-2304311 was reported due to issues found in the implementation prior to the release of version 1.10.5.

agent/severity
agent/references
agent/type
agent/description
agent/event
agent/first-publish-date
agent/source
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-21634
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/amazon
canonical/amazon ion for java

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.