Naman Jain 457e1a61e0 python3-protobuf: ignore CVE-2024-7254
CVE-2024-7254 is a stack overflow vulnerability caused by unbounded
recursion, specifically within the Java Protobuf Lite and Full runtimes
(including Kotlin and JRuby bindings).

The python3-protobuf recipe builds the Python implementation using the
C++ backend (--cpp_implementation). This implementation does not
contain the vulnerable Java-specific parsing logic (such as
DiscardUnknownFieldsParser or ArrayDecoders).

Authoritative security sources, including Red Hat and GitHub Advisory
have confirmed that non-Java implementations
(Python/C++) are not affected by this specific flaw.

Reference: https://access.redhat.com/security/cve/cve-2024-7254

Signed-off-by: Naman Jain <namanj1@kpit.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-03 10:40:37 +00:00
..
2022-03-21 09:57:28 -04:00
2025-10-27 11:17:43 +01:00
2021-08-03 10:21:25 -07:00
2021-08-03 10:21:25 -07:00
2022-03-21 09:57:28 -04:00