CVE-2025-4565

High CVSS: 8.2

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901

Vendor

Google

Product

Protobuf-python

CWE

CWE-674

Yayın Tarihi

2025-06-16 15:15:24

Güncelleme

2025-08-14 17:05:37

Source Identifier

cve-coordination@google.com

KEV Date Added

Kategoriler

CWE-674 Protobuf-python HIGH Google 2025

Referanslar

https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901

Benzer Kayıtlar

High

CVE-2026-5292

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of…

Medium

CVE-2026-5291

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain poten…

Critical

CVE-2026-5290

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the…

Critical

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the…

Critical

CVE-2026-5288

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromi…

High

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code insid…