3941 matches found
CVE-2025-71161 dm-verity: disable recursive forward error correction
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. In fecreadbufs, there is a loop that has 253 iterations. For each iteration, we may ca...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-76505 CVE-2026-0994 affecting package pytorch for versions less than 2.0.0-14
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-76481 CVE-2026-0994 affecting package mysql for versions less than 8.0.45-2
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-76602 CVE-2026-0994 affecting package pytorch for versions less than 2.2.2-12
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
AZL-75830 CVE-2026-0994 affecting package protobuf for versions less than 25.3-6
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
CVE-2026-0994 affects google.protobuf.json_format.ParseDict() in Python. The root cause is missing recursion depth accounting inside the internal Any-handling logic, allowing crafting deeply nested google.protobuf.Any structures to bypass the max_recursion_depth limit, exhausting Python’s recursi...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994
A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
SUSE CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
Google Protobuf security vulnerabilities
Google Protobuf is a data exchange format developed by Google, Inc. of the United States. There is a security vulnerability in Google Protobuf. This vulnerability stems from the google.protobuf.jsonformat.ParseDict function, which can bypass the maxrecursiondepth limit when parsing nested...
Linux Distros Unpatched Vulnerability : CVE-2026-0994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing...
orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
GHSA-HX9Q-6W63-J58V orjson does not limit recursion for deeply nested JSON documents
The orjson.dumps function in orjson before 3.11.6 does not limit recursion for deeply nested JSON documents...
GHSA-3J22-8QJ3-26MX Seroval affected by Denial of Service via Deeply Nested Objects
Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...
Seroval affected by Denial of Service via Deeply Nested Objects
Serialization of objects with extreme depth can exceed the maximum call stack limit. Mitigation: Seroval introduces a depthLimit parameter in serialization/deserialization methods. An error will be thrown if the depth limit is reached...
PYSEC-2026-107
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...
CVE-2025-67221
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...