发布时间: 2025年7月4日
修改时间: 2025年7月11日
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 5.3 |
| Attack Complexity | Low | |
| Privileges Required | None | |
| Scope | Unchanged | |
| Integrity | None | |
| User Interaction | None | |
| Availability | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2744 | protobuf security update | 2025年8月18日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5 | protobuf | Fixed |
| V6 | protobuf | Fixed |
| KY3.5.3 | protobuf | Fixed |
| KY3.5.2 | protobuf | Fixed |
