VYPR

rpm package

suse/protobuf-java&distro=SUSE Linux Enterprise Server 16.0

pkg:rpm/suse/protobuf-java&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Vulnerabilities (2)

  • CVE-2026-0994HigJan 23, 2026
    affected < 28.3-160000.3.1fixed 28.3-160000.3.1

    A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling l

  • CVE-2025-4565Jun 16, 2025
    affected < 28.3-160000.3.1fixed 28.3-160000.3.1

    Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of s