Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:3094

Опубликовано: 24 фев. 2026
Источник: rocky
Оценка: Important

Описание

Important: protobuf security update

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

Security Fix(es):

  • python: protobuf: Protobuf: Denial of Service due to recursion depth bypass (CVE-2026-0994)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
python3-protobufx86_6415.el10_1python3-protobuf-3.19.6-15.el10_1.x86_64.rpm
protobufx86_6415.el10_1protobuf-3.19.6-15.el10_1.x86_64.rpm
protobuf-litex86_6415.el10_1protobuf-lite-3.19.6-15.el10_1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2026-0994

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2026-0994

ubuntu
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

redhat логотип

CVE-2026-0994

CVSS3: 7.5
redhat
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

nvd логотип

CVE-2026-0994

nvd
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

debian логотип

CVE-2026-0994

debian
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json ...

suse-cvrf логотип

SUSE-SU-2026:0618-1

suse-cvrf
около 1 месяца назад

Security update for protobuf