CNNVD-202601-4116 Information
Jan 23, 2026
cve
CNNVD ID
CNNVD-202601-4116
Related CVE
- CNNVD Published: 2026-01-23
Description (Chinese)
Google protobuf是美国谷歌(Google)公司的一种数据交换格式。 Google protobuf存在安全漏洞,该漏洞源于google.protobuf.json_format.ParseDict函数在解析嵌套的google.protobuf.Any消息时可绕过max_recursion_depth限制,可能导致拒绝服务攻击。
Description (English)
Google Protobuf is a data exchange format for Google. There is a security loophole in Google Protobuf, which stems from the fact that the Google.protobuf.json format.ParseDict function can circumvent max recursion depth restrictions when deciphering embedded Google.protobuf.any messages.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
谷歌
Published
2026-01-23
Last Modified
2026-02-24
References
https://github.com/protocolbuffers/protobuf/pull/25239
Patch
https://github.com/protocolbuffers/protobuf/releases
Share on: