Fix Any recursion depth bypass in Python json_format.ParseDict#25239
Fix Any recursion depth bypass in Python json_format.ParseDict#25239aviralgarg05 wants to merge 1 commit intoprotocolbuffers:mainfrom
Conversation
There was a problem hiding this comment.
Consider:
-
Add a comment clarifying how you count depth and whether max_recursion_depth is inclusive/exclusive.
-
Adding a test that explicitly asserts that depth==max_recursion_depth-1 succeeds and depth==max_recursion_depth fails, so the boundary behavior is documented.
f5f10f2 to
3cbbcbe
Compare
|
I understand this this is failing CI/CD and all... but we are stuck with our packages failing on vulnerabilities with this fix. What is the ETA for getting this merged? |
ankitsinha-cmyk
left a comment
There was a problem hiding this comment.
@aviralgarg05 thanks for incorporating the changes. Looks fine to me now.
A new vulnerability (CVE-2026-0994) was reported and is not yet fixed. It affects protobuf libraries used by the livekit-api Python package. A fix is in progress upstream, but the related PR has not yet been merged or released. Since a release is required tonight, the Trivy scan step is temporarily disabled to allow the build to proceed. This should be re-enabled once a patched version is available. protocolbuffers/protobuf#25239
A new vulnerability (CVE-2026-0994) was reported and is not yet fixed. It affects protobuf libraries used by the livekit-api Python package. A fix is in progress upstream, but the related PR has not yet been merged or released. Since a release is required tonight, the Trivy scan step is temporarily disabled to allow the build to proceed. This should be re-enabled once a patched version is available. protocolbuffers/protobuf#25239
A new vulnerability (CVE-2026-0994) was reported and is not yet fixed. It affects protobuf libraries used by the livekit-api Python package. A fix is in progress upstream, but the related PR has not yet been merged or released. Since a release is required tonight, the Trivy scan step is temporarily disabled to allow the build to proceed. This should be re-enabled once a patched version is available. protocolbuffers/protobuf#25239
A new vulnerability (CVE-2026-0994) was reported and is not yet fixed. It affects protobuf libraries used by the livekit-api Python package. A fix is in progress upstream, but the related PR has not yet been merged or released. Since a release is required tonight, the Trivy scan step is temporarily disabled to allow the build to proceed. This should be re-enabled once a patched version is available. protocolbuffers/protobuf#25239
This will enable running the CI and its checks. There is a fix upstream waiting to be merged and released: protocolbuffers/protobuf#25239
This will enable running the CI and its checks. There is a fix upstream waiting to be merged and released: protocolbuffers/protobuf#25239
This will enable running the CI and its checks. There is a fix upstream waiting to be merged and released: protocolbuffers/protobuf#25239
In the case of quotes and backslashes (which are the most common things that need escaping) we can avoid going into Utf8 bytes for most cases this way, while also only doing 1 pass over the string when it doesn't need escaping at all. COPYBARA_INTEGRATE_REVIEW=#25239 from aviralgarg05:fix-any-recursion-depth-bypass 3cbbcbe FUTURE_COPYBARA_INTEGRATE_REVIEW=#25239 from aviralgarg05:fix-any-recursion-depth-bypass 3cbbcbe PiperOrigin-RevId: 862311595
This fixes a security vulnerability where nested google.protobuf.Any messages could bypass the max_recursion_depth limit, potentially leading to denial of service via stack overflow. The root cause was that _ConvertAnyMessage() was calling itself recursively via methodcaller() for nested well-known types, bypassing the recursion depth tracking in ConvertMessage(). The fix routes well-known type parsing through ConvertMessage() to ensure proper recursion depth accounting for all message types including nested Any. Fixes #25070 Closes #25239 COPYBARA_INTEGRATE_REVIEW=#25239 from aviralgarg05:fix-any-recursion-depth-bypass 3cbbcbe PiperOrigin-RevId: 862740421
This fixes a security vulnerability where nested google.protobuf.Any messages could bypass the max_recursion_depth limit, potentially leading to denial of service via stack overflow. The root cause was that _ConvertAnyMessage() was calling itself recursively via methodcaller() for nested well-known types, bypassing the recursion depth tracking in ConvertMessage(). The fix routes well-known type parsing through ConvertMessage() to ensure proper recursion depth accounting for all message types including nested Any. Fixes #25070 Closes #25239 COPYBARA_INTEGRATE_REVIEW=#25239 from aviralgarg05:fix-any-recursion-depth-bypass 3cbbcbe PiperOrigin-RevId: 862740421
… (#25586) This fixes a security vulnerability where nested google.protobuf.Any messages could bypass the max_recursion_depth limit, potentially leading to denial of service via stack overflow. The root cause was that _ConvertAnyMessage() was calling itself recursively via methodcaller() for nested well-known types, bypassing the recursion depth tracking in ConvertMessage(). The fix routes well-known type parsing through ConvertMessage() to ensure proper recursion depth accounting for all message types including nested Any. Fixes #25070 Closes #25239 COPYBARA_INTEGRATE_REVIEW=#25239 from aviralgarg05:fix-any-recursion-depth-bypass 3cbbcbe PiperOrigin-RevId: 862740421 Co-authored-by: Aviral Garg <gargaviral99@gmail.com>
… (#25587) This fixes a security vulnerability where nested google.protobuf.Any messages could bypass the max_recursion_depth limit, potentially leading to denial of service via stack overflow. The root cause was that _ConvertAnyMessage() was calling itself recursively via methodcaller() for nested well-known types, bypassing the recursion depth tracking in ConvertMessage(). The fix routes well-known type parsing through ConvertMessage() to ensure proper recursion depth accounting for all message types including nested Any. Fixes #25070 Closes #25239 COPYBARA_INTEGRATE_REVIEW=#25239 from aviralgarg05:fix-any-recursion-depth-bypass 3cbbcbe PiperOrigin-RevId: 862740421 Co-authored-by: Aviral Garg <gargaviral99@gmail.com>
|
Thanks @paulhodson , that is a useful tip for future |
|
@aviralgarg05 @ankitsinha-cmyk @anandolee Is there any plans to bring this to version 4.25.x? We run a cloud function which depends on this version and updating will cause backwards incompatibility with other library versions as well for our customers. Thanks! |
Any update on above? Thanks! |
|
We don't plan to backport to 4.25 as Py 4.x has has been end of lifed for a year (after a year of high prio fixes only). See the chart here: The 25.x line is still specially maintenance support just for Java (so the same issue happening in Java would get a backport by contrast). Note that we're even in the final quarter of official high prio backports only for Py 5.x, so 4.x is getting quite behind the version treadmill here. Note that the breaking changes across this version boundaries are intentionally minor/obscure including that old gencode is still compatible, as described here: So we expect it should be rare that anyone should not be able to upgrade past these major version numbers without changing their application code at all. |
Thanks! We have other dependencies that will break such as google-cloud-sdk libs (https://github.com/observeinc/google-cloud-functions/blob/main/requirements.txt#L48) |
|
@sfc-gh-ndua I don't want to tell you how to manage your dependencies, but all of the Google Cloud packages you have are apparently pinned to versions from around 2023. But they're all actively maintained and have had many releases since then, which are presumably compatible with protobuf v5+. So you could just upgrade them...? |
|
Speaking authoritatively for Protobuf project: it does looking to me that cloud-sdk libs are stuck behind here (at least for their default set version, unclear about true-compatibility) and they is one of our biggest Google library usages. We'll follow up on that internally to see why its still stuck. Broadly we also know being 3 years behind on some deps is also relatively normal for lots of projects; we are just trying to thread the needle on being able to make changes that keep Protobuf healthy while still avoiding breaking people; there's unfortunately a direct tension where total stability (which we did for a while) makes things stagnant on all axes which ends up slowly building up over time to harm. We do try very hard to keep the breaking changes obscure to avoid people's difficulties upgrading. We had made some missteps with our last Java breaking change, which is partially why it has an extended support window, so we also know that even smaller seeming breaks can cause big problems for some customers. We are likely to do a 25 release for an unrelated Java issue; depending on the state of Cloud SDK and difficulty in releasing the backport we may consider backporting this thing to Py 4.x as well even though its officially end of life (but no promises here). Thanks! |
This fixes a security vulnerability where nested google.protobuf.Any messages could bypass the max_recursion_depth limit, potentially leading to denial of service via stack overflow.
The root cause was that _ConvertAnyMessage() was calling itself recursively via methodcaller() for nested well-known types, bypassing the recursion depth tracking in ConvertMessage().
The fix routes well-known type parsing through ConvertMessage() to ensure proper recursion depth accounting for all message types including nested Any.
Fixes #25070