Lucene search
K

45 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.5 views

Amazon Linux 2023 : protobuf, protobuf-compiler, protobuf-devel (ALAS2023-2026-1407)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1407 advisory. A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due t...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References4
Veracode
Veracode
added 2026/01/28 4:55 a.m.6 views

Denial Of Service (DoS)

Protobuf is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to bypassed recursion depth limits when parsing nested Any messages, where missing depth accounting in the ParseDict logic allows deeply nested inputs to exhaust the Python recursion stack and trigger a RecursionError...

8.2CVSS5.9AI score0.00613EPSS
Exploits0References21Affected Software1
SUSE CVE
SUSE CVE
added 2026/01/24 12:24 a.m.4 views

SUSE CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

5.9CVSS5.7AI score0.00613EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2026/01/23 3:31 p.m.16 views

protobuf affected by a JSON recursion depth bypass

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/23 3:16 p.m.7 views

AZL-76481 CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS7.3AI score0.00613EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 3:16 p.m.5 views

AZL-76505 CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS7.3AI score0.00613EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 3:16 p.m.7 views

AZL-75830 CVE-2026-0994 affecting package protobuf for versions less than 25.3-6

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS7.3AI score0.00613EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 3:16 p.m.9 views

AZL-76602 CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS7.3AI score0.00613EPSS
Exploits0References1
OSV
OSV
added 2026/01/23 3:16 p.m.2 views

CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS5.8AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/23 3:16 p.m.8 views

CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS6.7AI score0.00613EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/23 2:55 p.m.33 views

CVE-2026-0994 Denial of Service in Python Protobuf

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS0.00613EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:55 p.m.2 views

CVE-2026-0994

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS5.9AI score0.00613EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/23 2:55 p.m.9 views

CVE-2026-0994 Denial of Service in Python Protobuf

A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:55 p.m.256 views

CVE-2026-0994

CVE-2026-0994 affects google.protobuf.json_format.ParseDict() in Python. The root cause is missing recursion depth accounting inside the internal Any-handling logic, allowing crafting deeply nested google.protobuf.Any structures to bypass the max_recursion_depth limit, exhausting Python’s recursi...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References19Affected Software1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.6 views

Google Protobuf security vulnerabilities

Google Protobuf is a data exchange format developed by Google, Inc. of the United States. There is a security vulnerability in Google Protobuf. This vulnerability stems from the google.protobuf.jsonformat.ParseDict function, which can bypass the maxrecursiondepth limit when parsing nested...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-0994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing...

8.2CVSS6.4AI score0.00613EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-4468

Name of the Vulnerable Software and Affected Versions google.protobuf affected versions not specified Description A denial-of-service DoS issue exists in the ParseDict function within google.protobuf.json format in Python. The vulnerability occurs because the max recursion depth limit can be...

8.2CVSS5.3AI score0.00613EPSS
Exploits0References334
RedHat Linux
RedHat Linux
added 2023/05/16 8:59 a.m.8 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/08 9:43 a.m.5 views

golang: encoding/xml: stack exhaustion in Unmarshal

A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...

7.5CVSS6.6AI score0.01618EPSS
Exploits0References6
OSV
OSV
added 2022/08/10 8:15 p.m.2 views

DEBIAN-CVE-2022-30633

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

7.5CVSS7.4AI score0.01618EPSS
Exploits0References1
Rows per page
Query Builder