SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1653

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1653

Security update for protobuf

Type: security

Severity: moderate

Issued: 2026-04-29

Description:

This update for protobuf fixes the following issues:

Refresh fixes:

- CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or
  messages can lead to crash due to RecursionError (bsc#1244663).
- CVE-2026-0994: `max_recursion_depth` limit can be bypassed when parsing nested `google.protobuf.Any` messages and lead
  to the exhaustion of the Python recursion stack (bsc#1257173).

References

CVE: CVE-2026-0994
CVE: CVE-2025-4565
Bugzilla: 1260019 L3: python3-protobuf - Protobuf current_depth UnboundLocalError
Bugzilla: 1257173 VUL-0: CVE-2026-0994: protobuf: `max_recursion_depth` limit can be bypassed when parsing nested `google.protobuf.Any` messages and lead to the exhaustion of the Python recursion stack
Bugzilla: 1244663 VUL-0: CVE-2025-4565: protobuf: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages can lead to crash due to RecursionError

Packages

protobuf-3.9.2-150200.4.33.1