CVE-2024-4420

Affected Versions

Tink C++, 2.1.2 and earlier.

Description

• An adversary can crash binaries using the crypto::tink::JsonKeysetReader in Tink C++ by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object.

• An adversary can crash binaries using the crypto::tink::JsonKeysetReader in Tink C++ by providing an input containing many nested JSON objects. This may result in a stack overflow.

Users are affected by this issue if JSON keysets are read from an external untrusted source (e.g. a public key provided by another party).