CVE-2025-53605

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-53605

Severity

5.9

Medium

CVSS V3

Description

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.

References

https://images.chainguard.dev/security/CGA-3383-63fg-gj6q
https://github.com/advisories/GHSA-rxf6-323f-44fc
https://images.chainguard.dev/security/CGA-g958-hm8g-28vv
https://images.chainguard.dev/security/CGA-c55h-55j8-v7p3
https://images.chainguard.dev/security/CGA-vmmc-g25h-f793
https://crates.io/crates/protobuf
https://rustsec.org/advisories/RUSTSEC-2024-0437
https://github.com/stepancheg/rust-protobuf/issues/749

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-53605

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company