sonatype-2025-000535 Security Details

CVE ID

sonatype-2025-000535

CWE

N/A

CVE Description

github.com/sigstore/sigstore-java (gson) - Stack-based Buffer Overflow [CVE-2025-53864]

Published

Feb 13, 2025

CVSS Score & Severity

6.9Medium

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS Score

0%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Vulnerable Methods

com/google/gson/MemoryRefStack.push(Lcom/google/gson/ObjectTypePair;)Lcom/google/gson/ObjectTypePair;

JVM

com/google/gson/stream/JsonReader.push(I)V

JVM

com/google/gson/stream/JsonReader.push(Lcom/google/gson/stream/JsonScope;)V

JVM

Affected Ecosystems

affected

Source

Sonatype

References

https://issues.oss-fuzz.com/issues/384541935THIRD_PARTY