Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service in Python Protobuf
Vulnerability Description
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.
CVSS Information
N/A
Vulnerability Type
未经控制的递归
Vulnerability Title
Google protobuf 安全漏洞
Vulnerability Description
Google protobuf是美国谷歌(Google)公司的一种数据交换格式。 Google protobuf存在安全漏洞,该漏洞源于google.protobuf.json_format.ParseDict函数在解析嵌套的google.protobuf.Any消息时可绕过max_recursion_depth限制,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A