CVE-2024-21634

Summary

CVE-2024-21634 is a denial-of-service vulnerability affecting Amazon Ion, a Java implementation of the Ion data notation, prior to version 1.10.5. Applications using `ion-java` to deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods are at risk. Maliciously crafted Ion data can trigger a `StackOverflowError` in the `ion-java` library, potentially causing a denial-of-service condition. The vulnerability is addressed in `ion-java` 1.10.5, and a workaround involves not loading data from untrusted sources or those that may have been tampered with.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.