Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:3095

Опубликовано: 24 фев. 2026
Источник: rocky
Оценка: Important

Описание

Important: protobuf security update

The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.

Security Fix(es):

  • python: protobuf: Protobuf: Denial of Service due to recursion depth bypass (CVE-2026-0994)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
protobufi68617.el9_7protobuf-3.14.0-17.el9_7.i686.rpm
protobufx86_6417.el9_7protobuf-3.14.0-17.el9_7.x86_64.rpm
protobuf-litei68617.el9_7protobuf-lite-3.14.0-17.el9_7.i686.rpm
protobuf-litex86_6417.el9_7protobuf-lite-3.14.0-17.el9_7.x86_64.rpm
python3-protobufnoarch17.el9_7python3-protobuf-3.14.0-17.el9_7.noarch.rpm

Показывать по

Связанные CVE

CVE-2026-0994

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2026-0994

ubuntu
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

redhat логотип

CVE-2026-0994

CVSS3: 7.5
redhat
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

nvd логотип

CVE-2026-0994

nvd
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

debian логотип

CVE-2026-0994

debian
2 месяца назад

A denial-of-service (DoS) vulnerability exists in google.protobuf.json ...

suse-cvrf логотип

SUSE-SU-2026:0618-1

suse-cvrf
около 1 месяца назад

Security update for protobuf