45 matches found
Amazon Linux 2023 : protobuf, protobuf-compiler, protobuf-devel (ALAS2023-2026-1407)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1407 advisory. A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due t...
Denial Of Service (DoS)
Protobuf is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to bypassed recursion depth limits when parsing nested Any messages, where missing depth accounting in the ParseDict logic allows deeply nested inputs to exhaust the Python recursion stack and trigger a RecursionError...
SUSE CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
protobuf affected by a JSON recursion depth bypass
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-76481 CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-76505 CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-75830 CVE-2026-0994 affecting package protobuf for versions less than 25.3-6
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-76602 CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
CVE-2026-0994 affects google.protobuf.json_format.ParseDict() in Python. The root cause is missing recursion depth accounting inside the internal Any-handling logic, allowing crafting deeply nested google.protobuf.Any structures to bypass the max_recursion_depth limit, exhausting Python’s recursi...
Google Protobuf security vulnerabilities
Google Protobuf is a data exchange format developed by Google, Inc. of the United States. There is a security vulnerability in Google Protobuf. This vulnerability stems from the google.protobuf.jsonformat.ParseDict function, which can bypass the maxrecursiondepth limit when parsing nested...
Linux Distros Unpatched Vulnerability : CVE-2026-0994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing...
PT-2026-4468
Name of the Vulnerable Software and Affected Versions google.protobuf affected versions not specified Description A denial-of-service DoS issue exists in the ParseDict function within google.protobuf.json format in Python. The vulnerability occurs because the max recursion depth limit can be...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
DEBIAN-CVE-2022-30633
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...