CVE-2025-4565
Published: 06/16/2025 15:15:24
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901
HIGH
CVSS v3: 7.5
CVSS v3: 7.5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 25.2 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 25.1.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 25.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 24.4 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 24.4.0 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 24.3 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 24.2.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 24.2 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 24.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 23.3 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 23.2.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 23.2 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 23.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 22.4 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 22.3 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 22.2 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 22.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 21.11.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 21.11 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 21.8.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 21.8 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 21.5.1 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 21.5.0 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 21.2.0 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.20 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.19.3667 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.18.3599 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.17 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.16.3445 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.15.3368 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.14.3263 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.13.3179 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.12.3054 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.11.3040 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.11.2990 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.10.2934 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.9.2878 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
| 11.4.8.2822 | protobuf (3.0.0) | Not Affected | Code Not Present | 3.0.0 does not match CVE configuration. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
7.5
Base Severity
HIGH
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version
3.1