17 matches found
RLSA-2026:3094 Important: protobuf security update
The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: python: protobuf:...
RLSA-2026:3095 Important: protobuf security update
The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data. Security Fixes: python: protobuf:...
Important: Red Hat Security Advisory: protobuf security update
An update for protobuf is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
Important: Red Hat Security Advisory: protobuf security update
An update for protobuf is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
Amazon Linux 2023 : protobuf, protobuf-compiler, protobuf-devel (ALAS2023-2026-1407)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1407 advisory. A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due t...
python-protobuf: Unbounded recursion in Python Protobuf
A flaw was found in the python protobuf package which can result in a denial of service. Applications that parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages, or a series of SGROUP tags can be corrupted by exceeding the Python recursion...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
CVE-2026-0994 Denial of Service in Python Protobuf
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can...
PT-2026-4468
Name of the Vulnerable Software and Affected Versions: google.protobuf, affected versions not specified. Description: A denial-of-service (DoS) issue exists in the ParseDict function within google.protobuf.json_format in Python. The vulnerability occurs because the max recursion depth limit can be...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.19.4 security and extras update
Red Hat OpenShift Container Platform release 4.19.4 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...
Unbounded recursion in Python Protobuf
...
CVE-2025-4565
A flaw was found in the python protobuf package which can result in a denial of service. Applications that parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages, or a series of SGROUP tags can be corrupted by exceeding the Python recursion...
aerospike-vector-search (>=1.0.0 <=4.2.0), aidbbot (>=0.1.0 <=0.1.2) +427 more potentially affected by CVE-2025-4565 via protobuf (>=5.26.0rc2 <=5.29.4)
protobuf PYPI version =5.26.0rc2, =1.0.0, =0.1.0, =0.82.3, =2.47.9, =0.1.8, =0.1.4, =0.0.10, =0.4.1, =1.0.3, =1.0.0, =0.1.1, =0.5.0, =0.7.3, =0.2.3, =0.9.0, =0.9.5 and more Source cves: CVE-2025-4565 Source advisory: SNYK:PYTHON-PROTOBUF-10364902...
bsk (=2.8.33), bts-mlb (=0.1.2) +38 more potentially affected by CVE-2025-4565 via protobuf (>=6.30.1 <=6.31.0)
protobuf PYPI version =6.30.1, =1.0.0, =4.0.7, =0.2.0b3, =1.0.1, =1.0.0, =1.10.0, =0.0.0, =1.0.0, =1.1.0rc3 - isosegdenoise =0.1.2.dev310 and more Source cves: CVE-2025-4565 Source advisory: SNYK:PYTHON-PROTOBUF-10364902...
Uncontrolled Recursion
Overview: protobuf is Google's data interchange format. Affected versions of this package are vulnerable to Uncontrolled Recursion when parsing untrusted Protocol Buffers data containing an excessive number of recursive groups, recursive messages, or a series of SGROUP tags. An attacker can provi...
CVE-2025-4565 Unbounded recursion in Python Protobuf
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
CVE-2025-4565
CVE-2025-4565 affects the Protobuf Python backend (pure-Python) when parsing untrusted data with recursive groups/messages or SGROUP tags, potentially causing denial of service via RecursionError. Public details in connected documents specify a fix path: upgrade to protobuf 6.31.1 or newer (commi...