Lucene search
K

49 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 1:38 a.m.4 views

Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON

Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...

7.5CVSS6.7AI score0.01262EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 2026/02/23 3:47 p.m.5 views

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References5
OSV
OSV
added 2026/02/16 4:19 p.m.5 views

SUSE-SU-2026:0563-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.3AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2026/02/14 8:25 a.m.2 views

SUSE-SU-2026:0517-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2026/02/13 4:56 p.m.3 views

SUSE-SU-2026:20352-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2026/02/04 7:3 a.m.2 views

SUSE-SU-2026:0374-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/23 3:31 p.m.3 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the ParseDict function, when handling deeply nested google.protobuf.Any messages. An attacker can bypass maxrecursiondepth to exhaust the recursion stack and trigger a RecursionError. Remediation Upgrade protob...

8.2CVSS6.4AI score0.00613EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/18 2:8 a.m.4 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/04/02 9:42 p.m.4 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/03/18 3:26 a.m.5 views

SUSE CVE-2024-24786

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS7.1AI score0.01262EPSS
Exploits0References19
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35662 CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.8 views

AZL-35578 CVE-2024-24786 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.6 views

AZL-35642 CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.8 views

AZL-35637 CVE-2024-24786 affecting package containerd for versions less than 1.7.13-5

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.8 views

AZL-35601 CVE-2024-24786 affecting package vitess for versions less than 17.0.7-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35660 CVE-2024-24786 affecting package keda for versions less than 2.14.0-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35583 CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.8 views

AZL-35584 CVE-2024-24786 affecting package moby-containerd for versions less than 1.6.26-8

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35634 CVE-2024-24786 affecting package blobfuse2 for versions less than 2.3.0-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35665 CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-5

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
Rows per page
Query Builder