Public/extract_otp_secrets
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

upgrade protobuf to 6.33.5 (fix security problem)

Browse Source 
Cause: protobuf affected by a JSON recursion depth bypass:

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.
This commit is contained in:
scito
2026-01-31 13:58:54 +01:00
committed by Roland Kurmann
parent a4fecc66ea
commit 74d95d2437
9 changed files with 436 additions and 416 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/protobuf_generated_python/google_auth_pb2.py
View File

@@ -2,7 +2,7 @@
# Generated by the protocol buffer compiler. DO NOT EDIT!
# NO CHECKED-IN PROTOBUF GENCODE
# source: google_auth.proto
# Protobuf Python Version: 6.33.4
# Protobuf Python Version: 6.33.5
"""Generated protocol buffer code."""
from google.protobuf import descriptor as _descriptor
from google.protobuf import descriptor_pool as _descriptor_pool
@@ -13,7 +13,7 @@ _runtime_version.ValidateProtobufRuntimeVersion(
_runtime_version.Domain.PUBLIC,
6,
33,
4,
5,
'',
'google_auth.proto'
)