Lucene search
K

10 matches found

Snyk
Snyk
added 2026/06/15 5:30 p.m.10 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containing deeply nested Any values that are expanded during...

8.7CVSS5.9AI score0.00324EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 3:1 p.m.12 views

Uncontrolled Recursion

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call...

8.7CVSS5.9AI score0.0058EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.59 views

protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

7.5CVSS5.7AI score0.0058EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/12 3:0 p.m.10 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious sequences that decode to canonical characters. This is only...

6.9CVSS5.8AI score0.00301EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40535

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs can recurse without a depth limit while decoding nested protobuf data, specifically when skipping unknown group fields and during the generated decodi...

7.5CVSS5.8AI score0.0058EPSS
Exploits0References7
Fedora
Fedora
added 2026/02/10 1:34 a.m.9 views

[SECURITY] Fedora 43 Update: mirrorlist-server-3.0.8-3.fc43

The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

7.5CVSS5.7AI score0.00443EPSS
Exploits1
Fedora
Fedora
added 2025/10/15 1:1 a.m.9 views

[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.8-1.fc42

The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

5.9CVSS6.9AI score0.0038EPSS
Exploits0
Fedora
Fedora
added 2025/10/09 1:15 a.m.8 views

[SECURITY] Fedora 41 Update: mirrorlist-server-3.0.8-1.fc41

The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

5.9CVSS6.9AI score0.0038EPSS
Exploits0
Packet Storm
Packet Storm
added 2025/04/17 12:0 a.m.482 views

📄 Meshtastic Buffer Overflow

A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as...

9.4CVSS8.3AI score0.00829EPSS
Exploits2
OSV
OSV
added 2025/04/14 11:25 p.m.7 views

CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

9.4CVSS8.5AI score0.00829EPSS
Exploits2References3
Rows per page
Query Builder