5241 matches found

OSV
added 2025/07/30 9:22 a.m. | 1 view

SUSE-SU-2025:20514-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2025-4565: Fixed a crash due to RecursionError (bsc#1244663)...

CVSS 8.2 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 3
SUSE Linux
added 2025/07/30 9:19 a.m. | 2 views

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2025-4565: Fixed a crash due to RecursionError (bsc#1244663). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed f...

CVSS 8.2 | AI score 6.8 | EPSS 0.00016
Exploits 0 | References 4
Amazon
added 2025/07/30 12:0 a.m. | 4 views

Medium: rust

Issue Overview: The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. CVE-2025-53605 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...

CVSS 5.9 | AI score 7 | EPSS 0.00175
Exploits 0
IBM Security Bulletins
added 2025/07/29 4:21 p.m. | 5 views

Security Bulletin: IBM Sterling Connect:Direct Web Services uses commons-lang3 and is vulnerable to CVE-2025-48924

Summary: IBM Sterling Connect:Direct Web Services is vulnerable to an uncontrolled recursion vulnerability in Apache Commons Lang. This has been addressed in a new build available from the IBM Repository. Vulnerability Details: CVEID: CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...

CVSS 5.3 | AI score 6.7 | EPSS 0.00099
Exploits 0 | Affected Software 1
OSV
added 2025/07/29 3:0 p.m. | 2 views

CLSA-2025-1753801232 redis: Fix of CVE-2024-31228

CVE-2024-31228: fix unbounded recursion on supported commands by limiting pattern matching length...

CVSS 6.5 | AI score 6.7 | EPSS 0.01368
Exploits 0 | References 1
SUSE CVE
added 2025/07/28 11:23 p.m. | 1 view

SUSE CVE-2025-38459

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00045
Exploits 0 | References 25
BDU FSTEC
added 2025/07/28 12:0 a.m. | 1 view

The vulnerability of the MongoDB database management system server allows a hacker to cause a service failure.

The vulnerability of the MongoDB database management system server is related to an uncontrolled recursion. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...

CVSS 7.8 | AI score 5.4 | EPSS 0.00194
Exploits 0 | References 4 | Affected Software 2
OSV
added 2025/07/25 4:15 p.m. | 3 views

AZL-72941 CVE-2025-38459 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...

CVSS 7.8 | AI score 6.8 | EPSS 0.00045
Exploits 0 | References 1
OSV
added 2025/07/25 4:15 p.m. | 1 view

DEBIAN-CVE-2025-38459

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...

CVSS 7.8 | AI score 6.2 | EPSS 0.00045
Exploits 0 | References 1
NVD
added 2025/07/25 4:15 p.m. | 3 views

CVE-2025-38459

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...

CVSS 7.8 | EPSS 0.00045
Exploits 0 | References 10
OSV
added 2025/07/25 4:15 p.m. | 1 view

AZL-65822 CVE-2025-38459 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...

CVSS 7.8 | AI score 6.8 | EPSS 0.00045
Exploits 0 | References 1
Cvelist
added 2025/07/25 3:27 p.m. | 6 views

CVE-2025-38459 atm: clip: Fix infinite recursive call of clip_push().

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...

EPSS 0.00045
Exploits 0 | References 8
Debian CVE
added 2025/07/25 3:27 p.m. | 4 views

CVE-2025-38459

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...

CVSS 7.8 | AI score 6.2 | EPSS 0.00045
Exploits 0
OSV
added 2025/07/25 3:27 p.m. | 3 views

CVE-2025-38459 atm: clip: Fix infinite recursive call of clip_push().

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...

CVSS 7.8 | AI score 7.2 | EPSS 0.00045
Exploits 0 | References 13
CVE
added 2025/07/25 3:27 p.m. | 81 views

CVE-2025-38459

CVE-2025-38459: Linux kernel ATM CLIP module vulnerability causing Denial of Service via infinite recursion in clip_push(). Root cause: second ATMARP_MKIP ioctl triggers recursion when vcc->old_push is used after first call; mitigation implemented by checking vcc->user_back (clip_vcc) and u...

CVSS 7.8 | AI score 6.2 | EPSS 0.00045
Exploits 0 | References 10 | Affected Software 1
CNNVD
added 2025/07/25 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an infinite recursive call problem in clip_push()...

CVSS 7.8 | AI score 8.1 | EPSS 0.00045
Exploits 0 | References 9
BDU FSTEC
added 2025/07/24 12:0 a.m. | 2 views

The vulnerability of the ClassUtils.getClass() function in the Apache Commons Lang library for the Java programming language allows an attacker to trigger a denial-of-service attack.

The vulnerability of the ClassUtils.getClass method in the Apache Commons Lang library for the Java programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 5.3 | AI score 6.4 | EPSS 0.00099
Exploits 0 | References 3 | Affected Software 5
IBM Security Bulletins
added 2025/07/23 2:48 p.m. | 11 views

Security Bulletin: IBM® Db2® federated server is vulnerable to unbounded recursions due to a vulnerability in protobuf-java (CVE-2024-7254).

Summary: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite...

CVSS 8.7 | AI score 7.2 | EPSS 0.00134
Exploits 0 | Affected Software 1
Tenable Nessus
added 2025/07/16 12:0 a.m. | 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : protobuf (SUSE-SU-2025:02311-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02311-1 advisory. - CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of...

CVSS 8.2 | AI score 6.9 | EPSS 0.00016
Exploits 0 | References 4
SUSE Linux
added 2025/07/15 9:16 a.m. | 1 view

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663). Patch Instructions: To install this SUSE update use the SUSE...

CVSS 8.2 | AI score 7.8 | EPSS 0.00016
Exploits 0 | References 4