89 matches found
OESA-2025-1799 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
OESA-2025-1798 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
OESA-2025-1714 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
OESA-2025-1713 protobuf security update
Security Fixes: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of...
Denial Of Service (DoS)
Protobuf is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of deeply nested or recursive structures in the Pure-Python backend, leading to a RecursionError...
SUSE CVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
GHSA-8QVM-5X2C-J2W7 protobuf-python has a potential Denial of Service issue
Summary Any project that uses Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. Reporter: Alexis Challande, Trail of Bits...
Uncontrolled Recursion
Overview protobuf is a Google’s data interchange format Affected versions of this package are vulnerable to Uncontrolled Recursion when parsing untrusted Protocol Buffers data containing an excessive number of recursive groups, recursive messages, or a series of SGROUP tags. An attacker can provi...
CVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
AZL-64116 CVE-2025-4565 affecting package protobuf for versions less than 3.17.3-4
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
DEBIAN-CVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
UBUNTU-CVE-2025-4565
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
CVE-2025-4565 Unbounded recursion in Python Protobuf
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
Protobuf Pure-Python 安全漏洞
Protobuf Pure-Python is a Google data exchange format open-sourced by Protobuf. A security vulnerability exists in Protobuf Pure-Python that stems from exceeding the Python recursion limit when parsing recursive data, which could lead to a denial of service attack...
CVE-2024-3219
The “socket” module provides a pure-Python fallback to the socket.socketpair function for platforms that don’t support AFUNIX, such as Windows. This pure-Python implementation uses AFINET or AFINET6 to create a local connected pair of sockets. The connection between the two sockets was not verifi...
OESA-2025-1045 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain...
aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw was found in the aiohttp package. The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed, for example, without the usual C extensions, or...
aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw was found in the aiohttp package. The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed, for example, without the usual C extensions, or...
aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
A flaw was found in the aiohttp package. The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed, for example, without the usual C extensions, or...
SUSE CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...