10 matches found
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containing deeply nested Any values that are expanded during...
Uncontrolled Recursion
Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call...
protobuf.js: Denial of service through unbounded protobuf recursion
Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...
Improper Handling of Unicode Encoding
Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious sequences that decode to canonical characters. This is only...
PT-2026-40535
Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs can recurse without a depth limit while decoding nested protobuf data, specifically when skipping unknown group fields and during the generated decodi...
[SECURITY] Fedora 43 Update: mirrorlist-server-3.0.8-3.fc43
The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...
[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.8-1.fc42
The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...
[SECURITY] Fedora 41 Update: mirrorlist-server-3.0.8-1.fc41
The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...
📄 Meshtastic Buffer Overflow
A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as...
CVE-2025-24797 Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...