Bug 2477130 (CVE-2026-44289)
| Summary: | CVE-2026-44289 protobufjs: protobufjs: Denial of Service via uncontrolled recursion in protobuf decoding | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | abarbaro, abuckta, alizardo, amctagga, aoconnor, bbrownin, bniver, caswilli, cdrage, dkuc, dschmidt, erezende, flucifre, gmeno, groman, jchui, jhe, jkoehler, jlanda, jwong, kaycoth, kshier, ktsao, lchilton, lphiri, manissin, mbenjamin, mhackett, mstipich, nboldt, oaljalju, omaciel, orabin, psrna, rexwhite, rhel-process-autobot, rushinde, sfeifer, simaishi, smcdonal, sostapov, stcannon, sthirugn, teagle, ttakamiy, vereddy, watson-tool-maintainers, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in protobufjs, a library that compiles protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by sending a specially crafted protobuf binary payload. This payload could cause uncontrolled recursion during the decoding of nested protobuf data, leading to the exhaustion of the JavaScript call stack. This ultimately results in a Denial of Service (DoS) for applications using the affected library.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2493393, 2493394, 2493395, 2493396, 2493397, 2493398 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-05-13 16:05:39 UTC
|