5242 matches found
Uncontrolled Recursion
Overview protobuf is a Google’s data interchange format Affected versions of this package are vulnerable to Uncontrolled Recursion when parsing untrusted Protocol Buffers data containing an excessive number of recursive groups, recursive messages, or a series of SGROUP tags. An attacker can provi...
AZL-64116 CVE-2025-4565 affecting package protobuf for versions less than 3.17.3-4
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
CVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
AZL-64145 CVE-2025-4565 affecting package protobuf for versions less than 25.3-5
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
CVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
DEBIAN-CVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
CVE-2025-4565 Unbounded recursion in Python Protobuf
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
CVE-2025-4565
CVE-2025-4565 affects the Protobuf Python backend (pure-Python) when parsing untrusted data with recursive groups/messages or SGROUP tags, potentially causing denial of service via RecursionError. Public details in connected documents specify a fix path: upgrade to protobuf 6.31.1 or newer (commi...
ALSA-2025:9121 Moderate: wireshark security update
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: Uncontrolled Recursion in Wireshark CVE-2025-1492 For more details about the security issues, including the impact, a CVSS score,...
Protobuf Pure-Python 安全漏洞
Protobuf Pure-Python is a Google data exchange format open-sourced by Protobuf. A security vulnerability exists in Protobuf Pure-Python that stems from exceeding the Python recursion limit when parsing recursive data, which could lead to a denial of service attack...
RHEL 10 : wireshark (RHSA-2025:9121)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:9121 advisory. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes:...
Security update for helm-mirror
This update for helm-mirror fixes the following issues: CVE-2025-32386: Fixed denial of service due to memory exhaustion after loading a specially crafter chart bsc1241028 CVE-2025-32387: Fixed stack overflow due to parser recursion that can exceed the stack size limit bsc1241031 Patch...
USN-7552-1 wireshark vulnerabilities
It was discovered that Wireshark did not correctly handle recursion. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...
Denial of Service(DOS) in JSONReader
Description There exists a denial of service vulnerabilityDOS that occurs by python hitting max recursion depth while parsing a deeply nested json file using JSONReader. Vulnerable piece of code...
BIT-JENKINS-2021-43859 Denial of Service by injecting highly recursive collections or maps in XStream
XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulatin...
CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
CVE-2024-38443
C/sorting/binaryinsertionsort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements...
CVE-2024-2965
A Denial-of-Service DoS vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...
CVE-2023-31794
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdfmarklistpush. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted PDF file...
CVE-2023-31893
Telefnica Brasil Vivo Play IPTV Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service DoS via DNS Recursion...