Lucene search
+L

25 matches found

redhatcve
redhatcve
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6409

A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...

7.1CVSS5.4AI score0.0036EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in protobuf

A parsing vulnerability exists for the MessageSet type in ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1, and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1, and 4.21.5 for protobuf-python. A specially...

7.5CVSS6.8AI score0.01191EPSS
Exploits0References2
patchstack
patchstack
added 2026/05/12 3:1 p.m.13 views

NPM: protobuf.js: Denial of service through unbounded protobuf recursion

NPM: protobuf.js: Denial of service through unbounded protobuf recursion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

7.5CVSS5.8AI score0.0058EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/04/16 3:31 p.m.6 views

GHSA-QJFJ-3MM5-VRJG Withdrawn Advisory: Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p2gh-cfq4-4wjc. This link is maintained to preserve external references. Original Description A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input...

7.1CVSS5.7AI score0.0036EPSS
Exploits0References2
nvd
nvd
added 2026/04/16 3:17 p.m.5 views

CVE-2026-6409

A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...

7.1CVSS0.0036EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/04/16 3:17 p.m.9 views

CVE-2026-6409

A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...

7.1CVSS5.8AI score0.0036EPSS
Exploits0References2
debiancve
debiancve
added 2026/04/16 2:30 p.m.10 views

CVE-2026-6409

A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...

7.1CVSS5.3AI score0.0036EPSS
Exploits0
attackerkb
attackerkb
added 2026/04/16 2:30 p.m.3 views

CVE-2026-6409

A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...

7.1CVSS5.8AI score0.0036EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/16 2:30 p.m.31 views

CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability...

7.1CVSS0.0036EPSS
Exploits0References1
nessus
nessus
added 2026/04/16 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-6409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messagesspecifically thos...

7.1CVSS7AI score0.0036EPSS
Exploits0References3
github
github
added 2026/03/25 9:2 p.m.5 views

Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Impact A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability. Patches...

7.1CVSS5.8AI score0.0036EPSS
Exploits0References7Affected Software1
ibm
ibm
added 2026/03/03 6:49 a.m.7 views

Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any.

Summary Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014x8664, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any which is vulnerable to CVE-2026-23490, CVE-2026-0994, CVE-2025-66418, CVE-2025-66471,...

8.9CVSS6AI score0.00679EPSS
Exploits2Affected Software1
osv
osv
added 2026/02/24 10:14 a.m.5 views

RHSA-2026:3097 Red Hat Security Advisory: protobuf security update

Bulletin has no description...

7.5CVSS5.1AI score0.00613EPSS
Exploits0References8
osv
osv
added 2025/09/04 8:25 p.m.7 views

CLSA-2025-1757017511 protobuf: Fix of CVE-2024-7254

CVE-2024-7254: prevent stack overflow by limiting recursion depth when parsing nested Protocol Buffers data...

8.7CVSS6.9AI score0.02772EPSS
Exploits1References1
osv
osv
added 2025/06/16 3:15 p.m.7 views

AZL-64145 CVE-2025-4565 affecting package protobuf for versions less than 25.3-5

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...

8.2CVSS6.8AI score0.00281EPSS
Exploits0References1
mscve
mscve
added 2024/03/08 8:0 a.m.6 views

Infinite loop in JSON unmarshaling in google.golang.org/protobuf

...

7.5CVSS6.7AI score0.01262EPSS
Exploits0
susecve
susecve
added 2023/07/07 2:18 a.m.6 views

SUSE CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.8CVSS9.3AI score0.01683EPSS
Exploits1References3
attackerkb
attackerkb
added 2023/07/05 2:15 p.m.2 views

CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.8CVSS7.2AI score0.02071EPSS
Exploits2References7
susecve
susecve
added 2023/04/14 1:52 a.m.3 views

SUSE CVE-2022-48468

protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember...

7.5CVSS7.9AI score0.00369EPSS
Exploits0References12
snyk
snyk
added 2022/09/23 8:39 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the MessageSet type, by allowing an attacker to send specially crafted message with multiple key-value per elements, therefore creating parsing issues against services which receive unsanitized input. Details...

7.5CVSS7.2AI score0.01191EPSS
Exploits0References2
Rows per page
Query Builder