5 matches found
CVE-2024-7254
CVE-2024-7254 describes a stack overflow DoS in parsers when handling untrusted Protocol Buffers data with deeply nested SGROUP/group structures. The root cause is unbounded recursion when parsing unknown fields (DiscardUnknownFieldsParser) or Java Protobuf Lite against nested groups or map field...
CVE-2021-22570
CVE-2021-22570 affects Protocol Buffers (protobuf). A null character in a proto symbol is parsed incorrectly, causing a null pointer dereference via an unchecked access to the proto file name during error message generation. The issue can enable denial of service or memory access instability as d...
CVE-2026-0994
CVE-2026-0994 affects google.protobuf.json_format.ParseDict() in Python. The root cause is missing recursion depth accounting inside the internal Any-handling logic, allowing crafting deeply nested google.protobuf.Any structures to bypass the max_recursion_depth limit, exhausting Python’s recursi...
CVE-2015-5237
CVE-2015-5237 affects Google Protocol Buffers (protobuf). Root cause: integer/heap overflow in MessageLite::SerializeToString leading to a heap‑based buffer overflow. Exploitation could enable remote code execution or denial of service by remote authenticated attackers. In IBM DataStage for Cloud...
CVE-2024-2410
CVE-2024-2410 concerns a use-after-free in the JsonToBinaryStream() function of the protocol buffers C++ implementation when parsing JSON from a stream with certain chunking. The issue is triggered by reading from a freed chunk, as described in multiple connected documents. Concrete details acros...