OESA-2025-1144

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1144
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1144.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1144
Upstream
Published
2025-02-21T13:35:33Z
Modified
2025-08-12T05:48:05.771544Z
Summary
protobuf security update
Details

Protocol Buffers (a.k.a., protobuf) are Google's language-neutral, platform-neutral, extensible mechanism for serializing structured data. You can find protobuf's documentation on the Google Developers site.

Security Fix(es):

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.(CVE-2024-7254)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS / protobuf

Package

Name
protobuf
Purl
pkg:rpm/openEuler/protobuf&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.1-7.oe2403

Ecosystem specific 

{
    "x86_64": [
        "protobuf-25.1-7.oe2403.x86_64.rpm",
        "protobuf-compiler-25.1-7.oe2403.x86_64.rpm",
        "protobuf-debuginfo-25.1-7.oe2403.x86_64.rpm",
        "protobuf-debugsource-25.1-7.oe2403.x86_64.rpm",
        "protobuf-devel-25.1-7.oe2403.x86_64.rpm",
        "protobuf-lite-25.1-7.oe2403.x86_64.rpm",
        "protobuf-lite-devel-25.1-7.oe2403.x86_64.rpm"
    ],
    "noarch": [
        "protobuf-bom-25.1-7.oe2403.noarch.rpm",
        "protobuf-java-25.1-7.oe2403.noarch.rpm",
        "protobuf-java-util-25.1-7.oe2403.noarch.rpm",
        "protobuf-javadoc-25.1-7.oe2403.noarch.rpm",
        "protobuf-javalite-25.1-7.oe2403.noarch.rpm",
        "protobuf-parent-25.1-7.oe2403.noarch.rpm",
        "python3-protobuf-25.1-7.oe2403.noarch.rpm"
    ],
    "aarch64": [
        "protobuf-25.1-7.oe2403.aarch64.rpm",
        "protobuf-compiler-25.1-7.oe2403.aarch64.rpm",
        "protobuf-debuginfo-25.1-7.oe2403.aarch64.rpm",
        "protobuf-debugsource-25.1-7.oe2403.aarch64.rpm",
        "protobuf-devel-25.1-7.oe2403.aarch64.rpm",
        "protobuf-lite-25.1-7.oe2403.aarch64.rpm",
        "protobuf-lite-devel-25.1-7.oe2403.aarch64.rpm"
    ],
    "src": [
        "protobuf-25.1-7.oe2403.src.rpm"
    ]
}