CVE-2025-4565

Date: June 16, 2025

Any project that uses the Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a denial of service by crashing the application with a RecursionError. We recommend upgrading to version >=6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901.

Severity Score

Weakness Type (CWE)

Uncontrolled Recursion

CWE-674

Top Fix

Upgrade Version

Upgrade to version protobuf - 4.25.8; protobuf - 5.29.5; protobuf - 6.31.1; https://github.com/protocolbuffers/protobuf.git - v4.25.8; https://github.com/protocolbuffers/protobuf.git - v5.29.5; https://github.com/protocolbuffers/protobuf.git - v6.31.1; https://github.com/protocolbuffers/protobuf.git - v3.25.8
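An added example (not part of the advisory or of the protobuf project) that checks whether an installed Python protobuf is below the fixed releases listed above and whether the pure-Python backend named in the description is the active one. The function names and status strings are hypothetical; the check assumes every release below the fix in its major line is unpatched and that `api_implementation.Type()` returns `python` for the pure-Python backend.

```python
import re

# Fixed releases per major line, taken from the advisory's "Upgrade Version" list.
FIXED = {4: (4, 25, 8), 5: (5, 29, 5), 6: (6, 31, 1)}


def parse_version(version):
    """Return the leading MAJOR.MINOR.PATCH of a version string as an int tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised protobuf version: {version!r}")
    return tuple(int(part) for part in m.groups())


def assess(version, backend):
    """Classify one (version, backend) pair against the advisory.

    backend is the string from api_implementation.Type(): 'python' for the
    pure-Python parser, 'upb' or 'cpp' for the native ones.
    """
    parsed = parse_version(version)
    major = parsed[0]
    if major > max(FIXED) or (major in FIXED and parsed >= FIXED[major]):
        return "patched"
    if backend != "python":
        # Outside the advisory's stated scope, but the backend can change
        # between environments, so the upgrade is still worth scheduling.
        return "unpatched-native-backend"
    if major not in FIXED:
        # Assumption: no fixed release is listed for this major line.
        return "exposed-no-fix-listed"
    return "exposed"


def assess_installed():
    """Assess the protobuf package importable in this interpreter, if any."""
    try:
        import google.protobuf
        from google.protobuf.internal import api_implementation
    except ImportError:
        return "not-installed"
    return assess(google.protobuf.__version__, api_implementation.Type())


if __name__ == "__main__":
    print(assess_installed())
```
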

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH
