49 matches found
Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON
Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...
python: protobuf: Protobuf: Denial of Service due to recursion depth bypass
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...
SUSE-SU-2026:0563-1 Security update for protobuf
This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...
SUSE-SU-2026:0517-1 Security update for protobuf
This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...
SUSE-SU-2026:20352-1 Security update for protobuf
This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...
SUSE-SU-2026:0374-1 Security update for protobuf
This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the ParseDict function, when handling deeply nested google.protobuf.Any messages. An attacker can bypass maxrecursiondepth to exhaust the recursion stack and trigger a RecursionError. Remediation Upgrade protob...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
SUSE CVE-2024-24786
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35642 CVE-2024-24786 affecting package docker-cli for versions less than 25.0.3-2
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35662 CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35637 CVE-2024-24786 affecting package containerd for versions less than 1.7.13-5
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35665 CVE-2024-24786 affecting package moby-containerd-cc for versions less than 1.7.7-5
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35583 CVE-2024-24786 affecting package moby-compose for versions less than 2.17.3-5
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35651 CVE-2024-24786 affecting package gh for versions less than 2.62.0-1
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35582 CVE-2024-24786 affecting package moby-buildx for versions less than 0.7.1-24
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35560 CVE-2024-24786 affecting package coredns for versions less than 1.11.1-12
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35556 CVE-2024-24786 affecting package cert-manager for versions less than 1.11.2-14
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35580 CVE-2024-24786 affecting package kubernetes for versions less than 1.28.4-12
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...