Skip to main content

Protobuf

6 CVEs product

Monthly

CVE-2026-0994 PyPI HIGH PATCH This Week

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Google Python Authentication Bypass Protobuf
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2024-7254 LIB HIGH PATCH This Week

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf Protobuf Java Protobuf Javalite +5
NVD GitHub HeroDevs
CVSS 4.0
8.7
EPSS
2.8%
CVE-2024-2410 CRITICAL Act Now

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Protobuf
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-24535 Go HIGH PATCH This Week

Parsing invalid messages can panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Protobuf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-3121 Go HIGH PATCH This Week

An issue was discovered in GoGo Protobuf before 1.3.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Protobuf HashiCorp Consul
NVD GitHub
CVSS 3.1
8.6
EPSS
3.5%
CVE-2015-5237 LIB HIGH PATCH GHSA This Week

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Protobuf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Google Python Authentication Bypass +1
NVD GitHub VulDB
EPSS 3% CVSS 8.7
HIGH PATCH This Week

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Protobuf +7
NVD GitHub HeroDevs
EPSS 0% CVSS 9.8
CRITICAL Act Now

The JsonToBinaryStream() function is part of the protocol buffers C++ implementation and is used to parse JSON from a stream. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Parsing invalid messages can panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Protobuf
NVD GitHub
EPSS 3% CVSS 8.6
HIGH PATCH This Week

An issue was discovered in GoGo Protobuf before 1.3.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Protobuf HashiCorp Consul
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Protobuf
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy