CNNVD-202506-1897 Information

CNNVD ID

CNNVD-202506-1897

Related CVE

CVE-2025-4565

• CNNVD Published: 2025-06-16

Description (Chinese)

Protobuf Pure-Python是Protobuf开源的一个谷歌的数据交换格式。 Protobuf Pure-Python存在安全漏洞，该漏洞源于解析递归数据时超过Python递归限制，可能导致拒绝服务攻击。

Description (English)

Protobuf Pure-Python is a Google data exchange format for Protobuf open source. Protobuf Pure-Python has a security loophole, which stems from the deciphering of data beyond the Python regression limit, which may lead to a denial of service attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Protobuf

Published

2025-06-16

Last Modified

2026-02-24

References

https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901 https://access.redhat.com/security/cve/cve-2025-4565 https://vigilance.fr/vulnerability/Protobuf-Pure-Python-denial-of-service-via-Recursion-Limit-47673

Patch

https://github.com/protocolbuffers/protobuf/releases