Lucene search
K

46 matches found

RedhatCVE
RedhatCVE
added 2026/06/29 4:59 a.m.10 views

CVE-2026-48712

A flaw was found in protobufjs. A remote attacker could exploit this by sending a crafted protobuf binary payload containing deeply nested 'Any' values. This uncontrolled recursion could exhaust the JavaScript call stack during conversion to JSON, leading to a Denial of Service DoS. Mitigation No...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in protobuf

There is a denial-of-service DoS vulnerability in the google.protobuf.jsonformat.ParseDict function in Python. This vulnerability allows for bypassing the maximum recursion depth when parsing nested google.protobuf.Any messages. Due to the lack of recursion depth accounting within the internal...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-48712

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversio...

7.5CVSS0.00324EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/15 5:30 p.m.7 views

Uncontrolled Recursion

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containi...

8.7CVSS6.1AI score0.00324EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:30 p.m.10 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containing deeply nested Any values that are expanded during...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

EulerOS 2.0 SP11 : protobuf (EulerOS-SA-2026-2260)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypasse...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

EulerOS 2.0 SP11 : protobuf (EulerOS-SA-2026-2223)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypasse...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

EulerOS 2.0 SP11 : linux-sgx (EulerOS-SA-2026-2216)

According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypass...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.9 views

EulerOS Virtualization 2.13.1 : protobuf (EulerOS-SA-2026-2143)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS5.6AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.10.1 : protobuf (EulerOS-SA-2026-2032)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.9 views

EulerOS Virtualization 2.13.0 : protobuf (EulerOS-SA-2026-2182)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.12.0 : protobuf (EulerOS-SA-2026-2109)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.10.0 : protobuf (EulerOS-SA-2026-2059)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

8.2CVSS6.5AI score0.00613EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 12:45 a.m.4 views

SUSE-SU-2026:1653-1 Security update for protobuf

This update for protobuf fixes the following issues: Refresh fixes: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError bsc1244663. - CVE-2026-0994: maxrecursiondepth limit can be bypass...

8.2CVSS5.7AI score0.00613EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/03/06 4:36 p.m.5 views

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

TencentOS Server 4: protobuf (TSSA-2026:0093)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0093 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.2CVSS6AI score0.00613EPSS
Exploits0References2
OSV
OSV
added 2026/02/28 12:44 p.m.7 views

OESA-2026-1432 protobuf security update

Security Fixes: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an...

8.2CVSS5.9AI score0.00613EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 9:40 a.m.10 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for February 2026

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 IF002 Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-core up to a...

8.7CVSS6.6AI score0.00613EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/24 3:37 p.m.2 views

python: protobuf: Protobuf: Denial of Service due to recursion depth bypass

A flaw was found in protobuf. A remote attacker can exploit this denial-of-service DoS vulnerability by supplying deeply nested google.protobuf.Any messages to the google.protobuf.jsonformat.ParseDict function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’...

8.2CVSS5.8AI score0.00613EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2026/02/23 12:0 a.m.7 views

protobuf security update

3.14.0-17 - Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits...

8.2CVSS5.3AI score0.00613EPSS
Exploits0
Rows per page
Query Builder