{"id":"CVE-2024-54016","details":"Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating).\n\nThis issue affects Apache Seata (incubating): through \u003c=2.2.0.\n\nUsers are recommended to upgrade to version 2.3.0, which fixes the issue.","aliases":["GHSA-65vg-64g8-mwjr"],"modified":"2026-04-12T09:58:18.000168Z","published":"2025-03-20T09:15:12.963Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/grn0x8tmssx07qc9z50lwgmrkwzrrhzg"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2025/03/19/6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/incubator-seata","events":[{"introduced":"f43e2a9268992b161f38c4d6eccc77646cc39ff4"},{"fixed":"0ad2847465fa877a2c65ea84ed43f5b0984c3ce9"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"2.3.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54016.json","vanir_signatures":[{"source":"https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9","digest":{"function_hash":"240067990988798984774333426527542216993","length":781},"signature_version":"v1","target":{"file":"compatible/src/test/java/io/seata/tm/api/DefaultFailureHandlerImplTest.java","function":"onRollbackFailure"},"id":"CVE-2024-54016-07302aff","deprecated":false,"signature_type":"Function"},{"source":"https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9","digest":{"function_hash":"202134273638937640523091858698907516464","length":301},"signature_version":"v1","target":{"file":"tm/src/test/java/org/apache/seata/tm/api/DefaultFailureHandlerImplTest.java","function":"onBeginFailure"},"id":"CVE-2024-54016-4bf21141","deprecated":false,"signature_type":"Function"},{"source":"https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9","digest":{"function_hash":"11443722429053205124381077063215277104","length":763},"signature_version":"v1","target":{"file":"tm/src/test/java/org/apache/seata/tm/api/DefaultFailureHandlerImplTest.java","function":"onCommitFailure"},"id":"CVE-2024-54016-6de3dd52","deprecated":false,"signature_type":"Function"},{"source":"https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9","digest":{"function_hash":"40891575550624031541142231537032272934","length":764},"signature_version":"v1","target":{"file":"tm/src/test/java/org/apache/seata/tm/api/DefaultFailureHandlerImplTest.java","function":"onRollbackFailure"},"id":"CVE-2024-54016-7461265b","deprecated":false,"signature_type":"Function"},{"source":"https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9","digest":{"function_hash":"69413645204021743567426950099396618754","length":326},"signature_version":"v1","target":{"file":"compatible/src/test/java/io/seata/tm/api/DefaultFailureHandlerImplTest.java","function":"onBeginFailure"},"id":"CVE-2024-54016-884fdb5b","deprecated":false,"signature_type":"Function"},{"source":"https://github.com/apache/incubator-seata/commit/0ad2847465fa877a2c65ea84ed43f5b0984c3ce9","digest":{"function_hash":"85391567855351372668753100169001057514","length":780},"signature_version":"v1","target":{"file":"compatible/src/test/java/io/seata/tm/api/DefaultFailureHandlerImplTest.java","function":"onCommitFailure"},"id":"CVE-2024-54016-abc1a04f","deprecated":false,"signature_type":"Function"}],"vanir_signatures_modified":"2026-04-12T09:58:18Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}