183 matches found
CVE-2026-0994
CVE-2026-0994 affects google.protobuf.json_format.ParseDict() in Python. The root cause is missing recursion depth accounting inside the internal Any-handling logic, allowing crafting deeply nested google.protobuf.Any structures to bypass the max_recursion_depth limit, exhausting Python’s recursi...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
SUSE CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
Google Protobuf security vulnerabilities
Google Protobuf is a data exchange format developed by Google, Inc. of the United States. There is a security vulnerability in Google Protobuf. This vulnerability stems from the google.protobuf.jsonformat.ParseDict function, which can bypass the maxrecursiondepth limit when parsing nested...
orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
GHSA-HX9Q-6W63-J58V orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
PYSEC-2026-107
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
PYSEC-2026-107
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
EUVD-2026-3806
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
CVE-2025-67221 concerns the orjson library: the orjson.dumps function in orjson up to version 3.11.4 fails to limit recursion for deeply nested JSON documents. The vulnerability is described across multiple sources (Red Hat, NVD, OSV, etc.), consistently stating that deeply nested JSON can trigge...
PT-2026-3955
Name of the Vulnerable Software and Affected Versions orjson versions through 3.11.4 Description The orjson.dumps function does not limit recursion when processing deeply nested JSON documents. This can lead to a denial of service. Recommendations Update to a version of orjson newer than 3.11.4...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
bind security update
32:9.11.4-26.0.5.P2.16 - Resolve CVE-2025-40778 Orabug: 38699863 32:9.11.4-26.0.3.P2.16 - Resolve CVE-2024-11187 Orabug: 37616907 32:9.11.4-26.0.1.P2.16 - Resolve CVE-2024-1975 - Resolve CVE-2024-1737 - Add ability to change runtime limits for max types and records per name 32:9.11.4-26.P2.16 -...