Lucene search
K

48 matches found

RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.8 views

CVE-2026-54270

A flaw was found in protobufjs. This library compiles protobuf definitions into JavaScript JS functions. A remote attacker could send a specially crafted protobuf payload containing numerous unknown fields. This could cause the decoded message to retain substantially more memory than expected,...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-54270

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS0.00293EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:19 p.m.4 views

CVE-2026-54270

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 4:19 p.m.36 views

CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS0.00293EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/15 8:13 p.m.5 views

NPM: protobufjs: Memory amplification from preserved unknown fields in binary decode

NPM: protobufjs: Memory amplification from preserved unknown fields in binary decode vulnerability discovered by ? in WordPress Npm protobufjs versions = 8.2.0, = 8.4.2...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.8 views

protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:13 p.m.4 views

GHSA-94RC-8X27-4472 protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49585

Name of the Vulnerable Software and Affected Versions protobufjs versions 8.2.0 through 8.4.2 Description protobufjs preserves unknown wire elements in message.$unknowns during binary decode but lacks a decode-time option to discard these fields before retention. A crafted protobuf payload...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/03/25 4:55 p.m.10 views

SUSE CVE-2026-23367

In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace not with vendor namespaces, but if the undefined field 18 is used, the alignment/size is unknown as well. In...

6.3CVSS5.7AI score0.00123EPSS
Exploits0References17
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.13 views

CVE-2026-23367

In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace not with vendor namespaces, but if the undefined field 18 is used, the alignment/size is unknown as well. In...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/03/25 10:27 a.m.19 views

CVE-2026-23367

CVE-2026-23367 – Linux kernel (wifi: radiotap: reject radiotap with unknown bits) The issue arises in the radiotap parser used for the radiotap namespace. If an undefined field (field 18) is present, the alignment/size is unknown and iterator->_next_ns_data is not initialized for non-visible v...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.2 views

CVE-2026-23367

In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace not with vendor namespaces, but if the undefined field 18 is used, the alignment/size is unknown as well. In...

5.6AI score0.00123EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.20 views

CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits

In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace not with vendor namespaces, but if the undefined field 18 is used, the alignment/size is unknown as well. In...

0.00123EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2025/09/04 10:26 a.m.7 views

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.

...

5.9CVSS7AI score0.0038EPSS
Exploits0
Amazon
Amazon
added 2025/08/08 12:0 a.m.9 views

Medium: rust

Issue Overview: The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Affected Packages: rust Issue Correction: Run dnf update rust --releasever...

5.9CVSS6.9AI score0.0038EPSS
Exploits0
Amazon
Amazon
added 2025/07/30 12:0 a.m.15 views

Medium: rust

Issue Overview: The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

5.9CVSS7AI score0.0038EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/07/07 12:8 a.m.7 views

CVE-2025-53605

A flaw was found in protobuf. The protobuf::codedinputstream::CodedInputStream::skipgroup function exhibits uncontrolled recursion when parsing unknown fields from untrusted input, potentially leading to excessive resource consumption. This flaw allows a network attacker to trigger this condition...

5.9CVSS6.1AI score0.0038EPSS
Exploits0References6
OSV
OSV
added 2025/07/05 1:15 a.m.7 views

AZL-65574 CVE-2025-53605 affecting package kata-containers 3.2.0.azl2-7

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...

5.9CVSS5.7AI score0.0038EPSS
Exploits0References1
OSV
OSV
added 2025/07/05 1:15 a.m.6 views

UBUNTU-CVE-2025-53605

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...

5.9CVSS5.8AI score0.0038EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/05 12:0 a.m.10 views

CVE-2025-53605

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...

5.9CVSS0.0038EPSS
Exploits0References3
Rows per page
Query Builder