CVE-2025-4565

Any project that uses the Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a denial of service by crashing the application with a RecursionError. We recommend upgrading to version >=6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901.
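The "series of SGROUP tags" case can be screened before untrusted bytes reach the parser. The following is an added example, not code from the protobuf project or its fix: a loop-based scan of the wire format that reports group nesting depth without recursion. The function names, the sample bytes and the limit of 100 are assumptions, and messages nested inside length-delimited fields are not inspected because that requires the schema.

```python
# Added example: schema-free pre-parse check (not the protobuf project's fix).
WT_VARINT, WT_I64, WT_LEN, WT_SGROUP, WT_EGROUP, WT_I32 = range(6)
SAMPLE = bytes.fromhex("0b0b102a0c0c")  # constructed: two nested groups around a varint


def _read_varint(buf, pos):
    """Decode a base-128 varint starting at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise ValueError("truncated or oversized varint")
        value |= (buf[pos] & 0x7F) << shift
        pos += 1
        if not buf[pos - 1] & 0x80:
            return value, pos
        shift += 7


def max_group_depth(buf, limit=100):
    """Return the deepest SGROUP nesting in buf; raise ValueError above limit."""
    open_groups = []  # field numbers of groups that are still open
    deepest = pos = 0
    while pos < len(buf):
        tag, pos = _read_varint(buf, pos)
        field, wire_type = tag >> 3, tag & 7
        if wire_type == WT_SGROUP:
            open_groups.append(field)
            deepest = max(deepest, len(open_groups))
            if deepest > limit:
                raise ValueError(f"group nesting exceeds {limit}")
        elif wire_type == WT_EGROUP:
            if not open_groups or open_groups.pop() != field:
                raise ValueError("unbalanced EGROUP tag")
        elif wire_type == WT_VARINT:
            _, pos = _read_varint(buf, pos)
        elif wire_type == WT_LEN:
            length, pos = _read_varint(buf, pos)
            pos += length  # payload skipped: only the schema says if it is a message
        elif wire_type == WT_I64:
            pos += 8
        elif wire_type == WT_I32:
            pos += 4
        else:
            raise ValueError(f"invalid wire type {wire_type}")
        if pos > len(buf):
            raise ValueError("field runs past end of buffer")
    if open_groups:
        raise ValueError("unterminated group")
    return deepest
```

A caller would run this on the raw bytes and reject the input on ValueError before handing it to the parser; it complements the upgrade recommended above and does not replace it.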
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | UNKNOWN | ---
Google | CNA | --- | ---
CISA-ADP | ADP | --- | ---
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score
Percentile: 19%
Ubuntu Releases
Ubuntu Product | Codename | Status
protobuf | plucky | Fixed 3.21.12-10ubuntu0.1 (released)
protobuf | oracular | ignored
protobuf | noble | Fixed 3.21.12-8.2ubuntu0.2 (released)
protobuf | jammy | Fixed 3.12.4-1ubuntu7.22.04.4 (released)
protobuf | focal | needed
protobuf | bionic | needed
protobuf | xenial | needed
protobuf | trusty | needed