VYPR

rpm package

suse/protobuf&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5

pkg:rpm/suse/protobuf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Vulnerabilities (9)

  • CVE-2026-0994HigJan 23, 2026
    affected < 25.1-150500.12.14.1fixed 25.1-150500.12.14.1

    A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling l

  • CVE-2025-4565MedJun 16, 2025
    affected < 25.1-150500.12.11.1fixed 25.1-150500.12.11.1

    Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of s

  • CVE-2024-7254HigSep 19, 2024
    affected < 25.1-150500.12.5.1fixed 25.1-150500.12.5.1

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 25.1-150400.9.3.1fixed 25.1-150400.9.3.1

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2023-4785HigSep 13, 2023
    affected < 25.1-150400.9.3.1fixed 25.1-150400.9.3.1

    Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are aff

  • CVE-2023-33953HigAug 9, 2023
    affected < 25.1-150400.9.3.1fixed 25.1-150400.9.3.1

    gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounde

  • CVE-2023-32732MedJun 9, 2023
    affected < 25.1-150400.9.3.1fixed 25.1-150400.9.3.1

    gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recom

  • CVE-2023-32731HigJun 9, 2023
    affected < 25.1-150400.9.3.1fixed 25.1-150400.9.3.1

    When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy an

  • CVE-2023-30608MedApr 18, 2023
    affected < 25.1-150400.9.6.1fixed 25.1-150400.9.6.1

    sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of