Vulnerability	Vulnerable Version
H Improper Validation of Array Index Affected versions of this package are vulnerable to Improper Validation of Array Index in the `skipGroup` function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime exception that escapes the documented error handling. How to fix Improper Validation of Array Index? Upgrade `com.squareup.wire:wire-runtime` to version 6.3.0, 7.0.0-alpha03 or higher.	[,6.3.0)[7.0.0-alpha01,7.0.0-alpha03)
M Uncontrolled Recursion Affected versions of this package are vulnerable to Uncontrolled Recursion due to improper enforcement of recursion limits in `ByteArrayProtoReader32.kt` and `ProtoReader.kt`. An attacker can cause a denial of service by sending deeply nested group structures. How to fix Uncontrolled Recursion? Upgrade `com.squareup.wire:wire-runtime` to version 5.2.0 or higher.	[,5.2.0)

Improper Validation of Array Index

Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime exception that escapes the documented error handling.

How to fix Improper Validation of Array Index?

Upgrade com.squareup.wire:wire-runtime to version 6.3.0, 7.0.0-alpha03 or higher.

[,6.3.0)[7.0.0-alpha01,7.0.0-alpha03)

Uncontrolled Recursion

Affected versions of this package are vulnerable to Uncontrolled Recursion due to improper enforcement of recursion limits in ByteArrayProtoReader32.kt and ProtoReader.kt. An attacker can cause a denial of service by sending deeply nested group structures.

How to fix Uncontrolled Recursion?

Upgrade com.squareup.wire:wire-runtime to version 5.2.0 or higher.

[,5.2.0)

Go back to all versions of this package