Home / mailings [USN-8063-2] Protocol Buffers vulnerability
Posted on 26 May 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8063-2
May 26, 2026
protobuf vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Protocol Buffers could be made to consume resources if it received
specially crafted input.
Software Description:
- protobuf: protocol buffers data serialization library
Details:
USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Protocol Buffers incorrectly handled recursion
when the Python google.protobuf.json_format.ParseDict() function is being
used. An attacker could possibly use this issue to cause Protocol Buffers
to consume resources, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libprotobuf17 3.6.1.3-2ubuntu5.2+esm3
Available with Ubuntu Pro
python-protobuf 3.6.1.3-2ubuntu5.2+esm3
Available with Ubuntu Pro
python3-protobuf 3.6.1.3-2ubuntu5.2+esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libprotobuf10 3.0.0-9.1ubuntu1.1+esm4
Available with Ubuntu Pro
python-protobuf 3.0.0-9.1ubuntu1.1+esm4
Available with Ubuntu Pro
python3-protobuf 3.0.0-9.1ubuntu1.1+esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8063-2
https://ubuntu.com/security/notices/USN-8063-1
CVE-2026-0994
--===============4172230936529427358==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
