| author | Naman Jain <namanj1@kpit.com> | 2026-03-30 12:21:50 +0530 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-04-03 10:40:37 +0000 |
| commit | 457e1a61e09e26e722f1e136de6a04896c8bc1a6 (patch) | |
| tree | 1176076320237f334c4a54a7ae47df36a6696114 /meta-python/README | |
| parent | 9d8ef26a9693e2c70ae34abe1a753873d42ec588 (diff) | |
| download | meta-openembedded-457e1a61e09e26e722f1e136de6a04896c8bc1a6.tar.gz | |

python3-protobuf: ignore CVE-2024-7254

CVE-2024-7254 is a stack overflow vulnerability caused by unbounded
recursion, specifically within the Java Protobuf Lite and Full runtimes
(including Kotlin and JRuby bindings).

The python3-protobuf recipe builds the Python implementation using the
C++ backend (--cpp_implementation). This implementation does not
contain the vulnerable Java-specific parsing logic (such as
DiscardUnknownFieldsParser or ArrayDecoders).

Authoritative security sources, including Red Hat and GitHub Advisory,
have confirmed that non-Java implementations (Python/C++) are not
affected by this specific flaw.

Reference: https://access.redhat.com/security/cve/cve-2024-7254

Signed-off-by: Naman Jain <namanj1@kpit.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

Diffstat (limited to 'meta-python/README')
0 files changed, 0 insertions, 0 deletions
