CNNVD-202507-520 Information

CNNVD ID

CNNVD-202507-520

CVE-2025-53605

  • CNNVD Published: 2025-07-04

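Description (Chinese, translated)

The protobuf crate is a Rust library by individual developer Stepan Koltsov. Versions of the protobuf crate before 3.7.2 contain a security vulnerability caused by uncontrolled recursion in protobuf::coded_input_stream::CodedInputStream::skip_group when parsing unknown fields.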

Description (English)

The protobuf crate is a Rust library maintained by individual developer Stepan Koltsov. Versions of the protobuf crate before 3.7.2 are vulnerable to uncontrolled recursion in protobuf::coded_input_stream::CodedInputStream::skip_group when it parses unknown fields.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Live Support

Published

2025-07-04

Last Modified

2026-02-24

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-53605
  • https://vigilance.fr/vulnerability/Rust-protobuf-denial-of-service-via-Uncontrolled-Recursion-48318
  • https://access.redhat.com/security/cve/cve-2025-53605

Patch

https://crates.io/crates/protobuf
