Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

protobuf-python

Source -

ADPCNANVD

CNA CVEs -

1

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found

CVE-2025-4565
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-8.2||HIGH
EPSS-0.03% / 5.30%
||
7 Day CHG~0.00%
Published-16 Jun, 2025 | 14:50
Updated-14 Aug, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unbounded recursion in Python Protobuf

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901

Action-Not Available
Vendor-protocolbuffersGoogle LLC
Product-protobuf-pythonPython-Protobuf
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-1941
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.08%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Memory issue in ProtocolBuffers for cpp and python

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

Action-Not Available
Vendor-Google LLCFedora ProjectDebian GNU/Linux
Product-protobuf-cppdebian_linuxfedoraprotobuf-pythonprotobuf-cppprotobuf-pythonprotobuf-cppprotobuf-python
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input