Back to CVE List

CVE-2026-59877

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vulnerability Description

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends prematurely can cause parse, Root.load, or Root.loadSync to loop indefinitely. This issue is fixed in versions 7.6.5 and 8.6.6.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-835
Source
NVD
Vendor
protobufjs
Product
protobuf.js

External References

Discussion (0)

Add Comment

No comments yet. Be the first!