Lucene search
K

49 matches found

IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON

Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...

7.5CVSS6.7AI score0.01262EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 2026/02/23 3:47 p.m.5 views

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References5
OSV
OSV
added 2026/02/16 4:19 p.m.5 views

SUSE-SU-2026:0563-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.3AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2026/02/14 8:25 a.m.2 views

SUSE-SU-2026:0517-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2026/02/13 4:56 p.m.3 views

SUSE-SU-2026:20352-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References3
OSV
OSV
added 2026/02/04 7:3 a.m.2 views

SUSE-SU-2026:0374-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/23 3:31 p.m.3 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the ParseDict function, when handling deeply nested google.protobuf.Any messages. An attacker can bypass maxrecursiondepth to exhaust the recursion stack and trigger a RecursionError. Remediation Upgrade protob...

8.2CVSS6.4AI score0.00613EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/18 2:8 a.m.4 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/04/02 9:42 p.m.4 views

golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/03/18 3:26 a.m.5 views

SUSE CVE-2024-24786

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS7.1AI score0.01262EPSS
Exploits0References19
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35578 CVE-2024-24786 affecting package kata-containers-cc for versions less than 3.2.0.azl2-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.6AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.10 views

AZL-35591 CVE-2024-24786 affecting package opa for versions less than 0.63.0-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.6 views

AZL-39975 CVE-2024-24786 affecting package moby-engine for versions less than 24.0.9-13

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35560 CVE-2024-24786 affecting package coredns for versions less than 1.11.1-12

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.8 views

AZL-35637 CVE-2024-24786 affecting package containerd for versions less than 1.7.13-5

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.4 views

AZL-35576 CVE-2024-24786 affecting package influxdb for versions less than 2.6.1-18

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.7 views

AZL-35660 CVE-2024-24786 affecting package keda for versions less than 2.14.0-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.8 views

AZL-35556 CVE-2024-24786 affecting package cert-manager for versions less than 1.11.2-14

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.5 views

AZL-35643 CVE-2024-24786 affecting package docker-compose for versions less than 2.27.0-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 11:15 p.m.4 views

AZL-35651 CVE-2024-24786 affecting package gh for versions less than 2.62.0-1

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

7.5CVSS6.7AI score0.01262EPSS
Exploits0References1
Rows per page
Query Builder