Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2026-3095

Опубликовано: 23 фев. 2026
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2026-3095: protobuf security update (IMPORTANT)

[3.14.0-17]

  • Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

protobuf

3.14.0-17.el9_7

protobuf-compiler

3.14.0-17.el9_7

protobuf-devel

3.14.0-17.el9_7

protobuf-lite

3.14.0-17.el9_7

protobuf-lite-devel

3.14.0-17.el9_7

python3-protobuf

3.14.0-17.el9_7

Oracle Linux x86_64

protobuf

3.14.0-17.el9_7

protobuf-compiler

3.14.0-17.el9_7

protobuf-devel

3.14.0-17.el9_7

protobuf-lite

3.14.0-17.el9_7

protobuf-lite-devel

3.14.0-17.el9_7

python3-protobuf

3.14.0-17.el9_7

Связанные CVE

CVE-2026-0994

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2026-0994

ubuntu
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

redhat логотип

CVE-2026-0994

CVSS3: 7.5
redhat
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

nvd логотип

CVE-2026-0994

nvd
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

debian логотип

CVE-2026-0994

debian
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json ...

suse-cvrf логотип

SUSE-SU-2026:0618-1

suse-cvrf
около 1 месяца назад

Security update for protobuf