VYPR

rpm package

opensuse/protobuf&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/protobuf&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2026-0994HigJan 23, 2026
    affected < 34.1-1.1fixed 34.1-1.1

    A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling l

  • CVE-2025-4565Jun 16, 2025
    affected < 31.1-1.1fixed 31.1-1.1

    Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of s

  • CVE-2024-7254Sep 19, 2024
    affected < 28.3-15.1fixed 28.3-15.1

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf