• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: High
• Fix Version/s: 10.1.1, 5.12.14, 5.17.4
• Affects Version/s: 5.4.0, (54)
  5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.12.0, 5.4.11, 5.13.0, 5.4.12, 5.14.0, 5.12.1, 5.4.13, 5.4.14, 5.4.15, 5.12.2, 5.13.1, 5.4.16, 5.12.3, 5.4.17, 5.12.4, 5.14.1, 10.0.0, 5.4.18, 5.12.6, 5.4.19, 5.16.0, 5.12.5, 5.4.20, 5.12.7, 5.15.2, 5.4.21, 5.12.8, 5.4.22, 5.12.9, 5.17.0, 5.16.1, 5.12.12, 5.4.23, 5.12.10, 5.12.11, 5.4.24, 5.17.1, 5.4.25, 5.4.26, 5.12.13, 5.17.2, 10.0.1, 5.4.27, 5.17.3
• Component/s: None
• Labels:

  None

[JSDSERVER-15617] Stack-based Buffer Overflow com.google.protobuf:protobuf-java Dependency in Jira Service Management Data Center and Server

Marcin Oles made changes - 05/Mar/2025 8:05 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 994173 ]

Marcin Oles made changes - 26/Feb/2025 6:09 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 992020 ]

Yann made changes - 17/Oct/2024 7:15 AM

Affects Version/s		New: 5.4.0 [ 102903 ]
Affects Version/s		New: 5.4.1 [ 103991 ]
Affects Version/s		New: 5.4.2 [ 104393 ]
Affects Version/s		New: 5.4.3 [ 104315 ]
Affects Version/s		New: 5.4.4 [ 104715 ]
Affects Version/s		New: 5.4.5 [ 104361 ]
Affects Version/s		New: 5.4.6 [ 104663 ]
Affects Version/s		New: 5.4.7 [ 105290 ]
Affects Version/s		New: 5.4.8 [ 105339 ]
Affects Version/s		New: 5.4.9 [ 105515 ]
Affects Version/s		New: 5.4.10 [ 105719 ]
Affects Version/s		New: 5.4.11 [ 105755 ]
Affects Version/s		New: 5.4.12 [ 106143 ]
Affects Version/s		New: 5.4.13 [ 106413 ]
Affects Version/s		New: 5.4.14 [ 106507 ]
Affects Version/s		New: 5.4.15 [ 106514 ]
Affects Version/s		New: 5.4.16 [ 106539 ]
Affects Version/s		New: 5.4.17 [ 106910 ]
Affects Version/s		New: 5.4.18 [ 107320 ]
Affects Version/s		New: 5.4.19 [ 107594 ]
Affects Version/s		New: 5.4.20 [ 107792 ]
Affects Version/s		New: 5.4.21 [ 108110 ]
Affects Version/s		New: 5.4.22 [ 107815 ]
Affects Version/s		New: 5.4.23 [ 108298 ]
Affects Version/s		New: 5.4.24 [ 108698 ]
Affects Version/s		New: 5.4.25 [ 108623 ]
Affects Version/s		New: 5.4.26 [ 108708 ]
Affects Version/s		New: 5.4.27 [ 108824 ]

Yann made changes - 17/Oct/2024 7:14 AM

Description

Original: This High severity Stack-based Buffer Overflow vulnerability was introduced in version 5.12.0 of Jira Service Management Data Center and Server. This Stack-based Buffer Overflow vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to impact service availability, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected Versions||Fix Versions|| |from 10.0.0 to 10.0.1|10.1.1| |from 5.17.0 to 5.17.3|5.17.4| |from 5.16.0 to 5.16.1| | |5.15.2| | |from 5.14.0 to 5.14.1| | |from 5.13.0 to 5.13.1| | |from 5.12.0 to 5.12.13 LTS|5.12.14| You can download the latest version of Jira Service Management Data Center and Server from the download center ([[https://www.atlassian.com/software/jira/service-management/download-archives]]). This vulnerability was reported via our Bug Bounty program.

New: This High severity Stack-based Buffer Overflow vulnerability was introduced in version 5.12.0 of Jira Service Management Data Center and Server. This Stack-based Buffer Overflow vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to impact service availability, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected Versions||Fix Versions|| |from 10.0.0 to 10.0.1|10.1.1| |from 5.17.0 to 5.17.3|5.17.4| |from 5.16.0 to 5.16.1| | |5.15.2| | |from 5.14.0 to 5.14.1| | |from 5.13.0 to 5.13.1| | |from 5.12.0 to 5.12.13 LTS|5.12.14| |from 5.4.0 to 5.4.27| | You can download the latest version of Jira Service Management Data Center and Server from the download center ([[https://www.atlassian.com/software/jira/service-management/download-archives]]). This vulnerability was reported via our Bug Bounty program.

Ivan Poletan made changes - 16/Oct/2024 4:59 AM

Comment

[ Hi, Just wondering if 5.4 LTS version is affected. I can see it is not mentioned but double checking as it's an earlier version compared to the ones listed. Thank you. ]

prodsec-jac-bot made changes - 15/Oct/2024 5:00 PM

Resolution		New: Fixed [ 1 ]
Security	Original: Atlassian Staff [ 10750 ]
Status	Original: Draft [ 12872 ]	New: Published [ 12873 ]

David Detweiler made changes - 11/Oct/2024 6:01 PM

Comment

[ Relates to: [https://asecurityteam.atlassian.net/browse/VULN-1431700] ]

David Detweiler made changes - 11/Oct/2024 5:58 PM

Description

Original: This High severity Stack-based Buffer Overflow vulnerability was introduced in version 5.12.14 of Jira Service Management Data Center and Server. This Stack-based Buffer Overflow vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to impact service availability, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected Versions||Fix Versions|| |from 10.0.0 to 10.0.1|10.1.1| |from 5.17.0 to 5.17.3|5.17.4| |from 5.16.0 to 5.16.1| | |5.15.2| | |from 5.14.0 to 5.14.1| | |from 5.13.0 to 5.13.1| | |from 5.12.0 to 5.12.13 LTS|5.12.14| You can download the latest version of Jira Service Management Data Center and Server from the download center ([[https://www.atlassian.com/software/jira/service-management/download-archives]]). This vulnerability was reported via our Bug Bounty program.

New: This High severity Stack-based Buffer Overflow vulnerability was introduced in version 5.12.0 of Jira Service Management Data Center and Server. This Stack-based Buffer Overflow vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to impact service availability, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected Versions||Fix Versions|| |from 10.0.0 to 10.0.1|10.1.1| |from 5.17.0 to 5.17.3|5.17.4| |from 5.16.0 to 5.16.1| | |5.15.2| | |from 5.14.0 to 5.14.1| | |from 5.13.0 to 5.13.1| | |from 5.12.0 to 5.12.13 LTS|5.12.14| You can download the latest version of Jira Service Management Data Center and Server from the download center ([[https://www.atlassian.com/software/jira/service-management/download-archives]]). This vulnerability was reported via our Bug Bounty program.

David Detweiler made changes - 11/Oct/2024 4:52 PM

Description

Original: This High severity Stack-based Buffer Overflow vulnerability was introduced in version 5.12.14 of Jira Service Management Data Center and Server. This Stack-based Buffer Overflow vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to impact service availability, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected Versions||Fix Versions|| |from 10.0.0 to 10.0.1|10.1.0| |from 5.17.0 to 5.17.3|5.17.4| |from 5.16.0 to 5.16.1| | |5.15.2| | |from 5.14.0 to 5.14.1| | |from 5.13.0 to 5.13.1| | |from 5.12.0 to 5.12.13 LTS|5.12.14| You can download the latest version of Jira Service Management Data Center and Server from the download center ([[https://www.atlassian.com/software/jira/service-management/download-archives]]). This vulnerability was reported via our Bug Bounty program.

New: This High severity Stack-based Buffer Overflow vulnerability was introduced in version 5.12.14 of Jira Service Management Data Center and Server. This Stack-based Buffer Overflow vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to impact service availability, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected Versions||Fix Versions|| |from 10.0.0 to 10.0.1|10.1.1| |from 5.17.0 to 5.17.3|5.17.4| |from 5.16.0 to 5.16.1| | |5.15.2| | |from 5.14.0 to 5.14.1| | |from 5.13.0 to 5.13.1| | |from 5.12.0 to 5.12.13 LTS|5.12.14| You can download the latest version of Jira Service Management Data Center and Server from the download center ([[https://www.atlassian.com/software/jira/service-management/download-archives]]). This vulnerability was reported via our Bug Bounty program.

David Detweiler made changes - 11/Oct/2024 4:52 PM

Description

Original: This High severity Stack-based Buffer Overflow vulnerability was introduced in version 5.12.14 of Jira Service Management Data Center and Server. This Stack-based Buffer Overflow vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to impact service availability, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected Versions||Fix Versions|| |from 10.0.0 to 10.0.1| | |from 5.17.0 to 5.17.3| | |from 5.16.0 to 5.16.1| | |5.15.2| | |from 5.14.0 to 5.14.1| | |from 5.13.0 to 5.13.1| | |from 5.12.0 to 5.12.13 LTS| | You can download the latest version of Jira Service Management Data Center and Server from the download center ([[https://www.atlassian.com/software/jira/service-management/download-archives]]). This vulnerability was reported via our Bug Bounty program.

New: This High severity Stack-based Buffer Overflow vulnerability was introduced in version 5.12.14 of Jira Service Management Data Center and Server. This Stack-based Buffer Overflow vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to impact service availability, which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected Versions||Fix Versions|| |from 10.0.0 to 10.0.1|10.1.0| |from 5.17.0 to 5.17.3|5.17.4| |from 5.16.0 to 5.16.1| | |5.15.2| | |from 5.14.0 to 5.14.1| | |from 5.13.0 to 5.13.1| | |from 5.12.0 to 5.12.13 LTS|5.12.14| You can download the latest version of Jira Service Management Data Center and Server from the download center ([[https://www.atlassian.com/software/jira/service-management/download-archives]]). This vulnerability was reported via our Bug Bounty program.

Load more older history items