Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2026-3094

Опубликовано: 23 фев. 2026
Источник: oracle-oval
Платформа: Oracle Linux 10

Описание

ELSA-2026-3094: protobuf security update (IMPORTANT)

[3.19.6-15]

  • Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits

[3.19.6-14]

  • Disable tests during build that are flaky

[3.19.6-13]

  • Rebuilt for tests directory

[3.19.6-12]

  • Copy patch from c9s to make emacs dependency optional Resolves: RHEL-93236

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

protobuf

3.19.6-15.el10_1

protobuf-compiler

3.19.6-15.el10_1

protobuf-devel

3.19.6-15.el10_1

protobuf-lite

3.19.6-15.el10_1

protobuf-lite-devel

3.19.6-15.el10_1

python3-protobuf

3.19.6-15.el10_1

Oracle Linux x86_64

protobuf

3.19.6-15.el10_1

protobuf-compiler

3.19.6-15.el10_1

protobuf-devel

3.19.6-15.el10_1

protobuf-lite

3.19.6-15.el10_1

protobuf-lite-devel

3.19.6-15.el10_1

python3-protobuf

3.19.6-15.el10_1

Связанные CVE

CVE-2026-0994

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2026-0994

ubuntu
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

redhat логотип

CVE-2026-0994

CVSS3: 7.5
redhat
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

nvd логотип

CVE-2026-0994

nvd
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

debian логотип

CVE-2026-0994

debian
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json ...

suse-cvrf логотип

SUSE-SU-2026:0618-1

suse-cvrf
около 1 месяца назад

Security update for protobuf