SUSE-SU-2026:0618-1

Published: 24 Feb 2026
Source: suse-cvrf

Description

Security update for protobuf

This update for protobuf fixes the following issues:

  • CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).

Package list

SUSE Linux Enterprise Micro 5.2
libprotobuf-lite20-3.9.2-150200.4.30.1
SUSE Linux Enterprise Micro 5.3
libprotobuf-lite20-3.9.2-150200.4.30.1
SUSE Linux Enterprise Micro 5.4
libprotobuf-lite20-3.9.2-150200.4.30.1
SUSE Linux Enterprise Micro 5.5
libprotobuf-lite20-3.9.2-150200.4.30.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libprotobuf20-3.9.2-150200.4.30.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
python3-protobuf-3.9.2-150200.4.30.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
python3-protobuf-3.9.2-150200.4.30.1
SUSE Linux Enterprise Module for Public Cloud 15 SP5
python3-protobuf-3.9.2-150200.4.30.1
SUSE Linux Enterprise Module for Public Cloud 15 SP6
python3-protobuf-3.9.2-150200.4.30.1
SUSE Linux Enterprise Module for Public Cloud 15 SP7
python3-protobuf-3.9.2-150200.4.30.1

Description

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python's recursion stack and causing a RecursionError.
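
One way for a caller to bound nesting itself before the input reaches ParseDict, shown as an added example that is not part of the advisory or of the protobuf project. The names `check_nesting`, `guarded_parse`, `NestingTooDeep` and the limit of 64 are assumptions.

```python
# Added example: a pre-parse nesting guard. Names and the limit are assumptions.

MAX_DEPTH = 64  # assumed application limit; tune to the deepest legitimate message


class NestingTooDeep(ValueError):
    """Raised when decoded JSON nests deeper than the allowed limit."""


def check_nesting(obj, limit=MAX_DEPTH):
    """Walk decoded JSON iteratively and reject it once depth exceeds limit.

    Every dict or list counts as one level, so a google.protobuf.Any wrapper
    ({"@type": ..., "value": {...}}) is counted like any other object and
    cannot escape the accounting. Returns the maximum depth seen.
    """
    deepest = 0
    stack = [(obj, 1)]  # explicit stack: the guard itself never recurses
    while stack:
        node, depth = stack.pop()
        if isinstance(node, dict):
            children = node.values()
        elif isinstance(node, (list, tuple)):
            children = node
        else:
            continue  # scalars add no depth
        if depth > limit:
            raise NestingTooDeep(f"nesting depth exceeds {limit}")
        deepest = max(deepest, depth)
        stack.extend((child, depth + 1) for child in children)
    return deepest


def guarded_parse(js_dict, message, parse, limit=MAX_DEPTH):
    """Run check_nesting first, then hand the dict to the real parser.

    `parse` is whatever parser the application uses, for example
    google.protobuf.json_format.ParseDict(js_dict, message).
    """
    check_nesting(js_dict, limit)
    return parse(js_dict, message)
```

Because the walk uses an explicit stack, the guard rejects oversized input with a controlled exception instead of hitting RecursionError itself.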


Affected products
SUSE Linux Enterprise Micro 5.2:libprotobuf-lite20-3.9.2-150200.4.30.1
SUSE Linux Enterprise Micro 5.3:libprotobuf-lite20-3.9.2-150200.4.30.1
SUSE Linux Enterprise Micro 5.4:libprotobuf-lite20-3.9.2-150200.4.30.1
SUSE Linux Enterprise Micro 5.5:libprotobuf-lite20-3.9.2-150200.4.30.1

References