Bug 2491473 (CVE-2026-54269)
| Summary: | CVE-2026-54269 protobufjs: protobufjs-cli: protobufjs: Denial of Service due to name collision with runtime helpers | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | aazores, abarbaro, abuckta, alizardo, amctagga, aoconnor, bbrownin, bniver, cdrage, cmah, dkuc, dschmidt, eaguilar, ebaron, erezende, flucifre, gmeno, groman, jchui, jhe, jkoehler, jlanda, jolong, jwong, kaycoth, kshier, ktsao, lchilton, lphiri, manissin, mbenjamin, mhackett, mstipich, nboldt, oaljalju, omaciel, orabin, pjindal, psrna, rexwhite, rhel-process-autobot, rushinde, sfeifer, simaishi, sostapov, stcannon, sthirugn, teagle, ttakamiy, vereddy, watson-tool-maintainers, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in protobufjs, a JavaScript (JS) library for compiling protobuf definitions. A remote attacker could exploit this vulnerability by providing specially crafted protobuf definitions or message types that contain names colliding with internal protobufjs runtime helpers. This could lead to deterministic exceptions or recursive calls during various operations, ultimately causing a Denial of Service (DoS) in applications using the library.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-06-22 18:03:28 UTC
|