1401 matches found
protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors
A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...
ROOT-APP-PYPI-CVE-2025-4565 CVE-2025-4565 in rootio-protobuf - Patched by Root
Root has patched CVE-2025-4565 in the rootio-protobuf package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2026-0994 CVE-2026-0994 in rootio-protobuf - Patched by Root
Root has patched CVE-2026-0994 in the rootio-protobuf package for Root:PyPI. Multiple fixed versions available...
Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON
Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...
PT-2026-54519
Name of the Vulnerable Software and Affected Versions buffa affected versions not specified Description The buffa protobuf decoder contains a memory-amplification issue. A malformed message can cause the library to consume up to 22 times the expected amount of RAM, leading to a denial of service...
CVE-2026-54269
A flaw was found in protobufjs, a JavaScript JS library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lea...
RLSA-2023:6621 Moderate: protobuf-c security update
The protobuf-c packages provide C bindings for Google's Protocol Buffers. Security Fixes: protobuf-c: unsigned integer overflow in parserequiredmember CVE-2022-48468 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, ref...
protobuf-c security update
An update is available for protobuf-c. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The protobuf-c packages provide C bindings for Google's Protocol Buffers...
Astra Linux – Vulnerability in protobuf
There is a denial-of-service DoS vulnerability in the google.protobuf.jsonformat.ParseDict function in Python. This vulnerability allows for bypassing the maximum recursion depth when parsing nested google.protobuf.Any messages. Due to the lack of recursion depth accounting within the internal...
Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Network Threat Analytics App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-0994 DESCRIPTION: A...
CVE-2026-48137
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...
MAL-2026-6148 Malicious code in async-protobuf-av (npm)
The npm package async-protobuf-av published by npm user sproger, [email protected] is a deceptive React Native component and part of a coordinated 37-package campaign across two attacker-controlled domains surrprisingcoompanny.lol and barbellmate.xyz. On component mount it registers...
EEF-CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding
Summary Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...
EUVD-2026-37013
Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...
GHSA-PR59-H9PH-3FR8 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containing deeply nested Any values that are expanded during...
CVE-2026-52756
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...
CVE-2026-52756
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...
CVE-2026-52756 Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...
EUVD-2026-36015
Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations without validation. Remote attackers can connect to port 54321 and send crafted protobuf message...