EulerOS Virtualization 2.12.1 : protobuf (EulerOS-SA-2026-2084)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.21.12-cp37-abi3-manylinux2014_x86_64.whl and protobuf-4.25.7-cp37-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses protobuf-4.21.12-cp37-abi3-manylinux2014x8664.whl and protobuf-4.25.7-cp37-abi3-manylinux2014x8664.whl which is vulnerable to CVE-2025-4565.This bulletin contains information addressing the vulnerability. Vulnerabili...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses google.golang.org/protobuf-v1.30.0, google.golang.org/protobuf-v1.31.0 which is vulnerable to CVE-2024-24786

Summary IBM Maximo Application Suite - Visual Inspection component uses google.golang.org/protobuf-v1.30.0, google.golang.org/protobuf-v1.31.0 which is vulnerable to CVE-2024-24786, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

SUSE SLED15 / SLES15 Security Update : protobuf (SUSE-SU-2026:1653-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1653-1 advisory. Refresh fixes: - CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of...

Withdrawn Advisory: Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p2gh-cfq4-4wjc. This link is maintained to preserve external references. Original Description A Denial of Service DoS vulnerability exists in the Protobuf PHP library during the parsing of untrusted input...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service (CVE-2026-0994)

Summary Python module protobuf is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.24 (RHSA-2026:4917)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4917 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

RHEL 10 : protobuf (RHSA-2026:3218)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3218 advisory. The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet...

RHEL 9 : protobuf (RHSA-2026:3219)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3219 advisory. The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet...

RHEL 10 : protobuf (RHSA-2026:3094)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3094 advisory. The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet...

SUSE SLES15 Security Update : protobuf (SUSE-SU-2026:0563-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0563-1 advisory. - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python jsonformat.ParseDict bsc1257173. Tenable has extracted the...

a2a-sdk (=0.2.8), a3t (>=0.0.0 <=0.0.1) +409 more potentially affected by CVE-2026-0994 via protobuf (>=6.30.1 <=6.33.4)

protobuf PYPI version =6.30.1, =0.0.0, =1.0.1, =0.1.3, =2025.12.2.2, =0.1.0, =0.4.0, =0.0.1, =0.1.17, =1.0.0, =1.0.29, =25.6.0b2, =0.1.0, =0.3.0, =0.9.1 and more Source cves: CVE-2026-0994 Source advisory: OSV:GHSA-7GCM-G887-7QV7...

a2a-sdk (=0.2.8), a3t (>=0.0.0 <=0.0.1) +409 more potentially affected by CVE-2026-0994 via protobuf (>=6.30.1 <=6.33.4)

protobuf PYPI version =6.30.1, =0.0.0, =1.0.1, =0.1.3, =2025.12.2.2, =0.1.0, =0.4.0, =0.0.1, =0.1.17, =1.0.0, =1.0.29, =25.6.0b2, =0.1.0, =0.3.0, =0.9.1 and more Source cves: CVE-2026-0994 Source advisory: SNYK:PYTHON-PROTOBUF-15090738...

01os (=0.0.14), 0x-web3 (=5.0.0a5) +7363 more potentially affected by CVE-2026-0994 via protobuf (>=2.6.0 <=5.29.5)

protobuf PYPI version =2.6.0, =0.1.0, =0.1.0, =0.2.9, =0.0.5, =0.1.0, =0.1.0, =0.0.1, =0.1.2, =0.1.6, =0.2.0a0, =1.0.2, =2.3.5rc1 - abi-maker =0.1.0 and more Source cves: CVE-2026-0994 Source advisory: OSV:GHSA-7GCM-G887-7QV7...

MiracleLinux 9 : protobuf-3.14.0-16.el9 (AXSA:2025-10141:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10141:01 advisory. protobuf: message parsing vulnerability in ProtocolBuffers CVE-2022-1941 Tenable has extracted the preceding description block directly from the MiracleLinu...

EulerOS Virtualization 2.13.0 : protobuf (EulerOS-SA-2025-2594)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...

EulerOS Virtualization 2.13.1 : protobuf (EulerOS-SA-2025-2559)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...

Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers

Summary A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the blockhash field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves BlockHash as nil. Babyl...

TencentOS Server 4: protobuf (TSSA-2024:0556)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0556 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...