Uncontrolled Recursion in google:protobuf
CVE-2025-4565
- google:protobuf
- protobuf
- qnx:protobuf
Summary
Any project that uses the Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages, or a series of `SGROUP` tags can be made to exceed the Python recursion limit. This can result in a Denial of Service (DoS) by crashing the application with a `RecursionError`. This issue affects:
- protobuf (Python) versions through 4.25.7, 5.26.0rc1 through 5.29.4, and 6.30.0rc1 through 6.31.0
- protobuf (Cpp) through 3.25.7, 3.26.0-rc1 through 3.29.4, 4.22.0-rc1 through 4.25.7, 4.30.0-rc1 through 4.31.0, 5.26.0-rc1 through 5.29.4, 6.30.0-rc1 through 6.31.0, 16.2 through 25.7, 26-dev through 29.4, 30-dev through 31.0
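A defender-side check suggested by the summary above, added here as an example and not code from the advisory or the protobuf project: before untrusted bytes reach the pure-Python parser, bound the `SGROUP`/`EGROUP` nesting depth by walking the wire format, which needs no schema. The depth limit of 100 and the sample byte strings are assumed/constructed; nested messages carried inside length-delimited fields cannot be measured this way without the schema.

```python
# Added example (not advisory code): schema-free bound on protobuf group nesting.

def _read_varint(buf: bytes, pos: int) -> tuple[int, int]:
    # Decode a base-128 varint at pos; return (value, new_pos).
    result = 0
    for shift in range(0, 70, 7):  # a valid varint is at most 10 bytes
        if pos >= len(buf):
            raise ValueError("truncated varint")
        b, pos = buf[pos], pos + 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result, pos
    raise ValueError("varint too long")

def max_group_depth(buf: bytes) -> int:
    # Walk top-level wire records; return the deepest SGROUP nesting seen.
    pos = depth = deepest = 0
    while pos < len(buf):
        tag, pos = _read_varint(buf, pos)
        wire_type = tag & 0x7
        if wire_type == 0:         # varint payload
            _, pos = _read_varint(buf, pos)
        elif wire_type in (1, 5):  # fixed64 / fixed32
            pos += 8 if wire_type == 1 else 4
        elif wire_type == 2:       # length-delimited: opaque without a schema, skipped
            length, pos = _read_varint(buf, pos)
            pos += length
        elif wire_type == 3:       # SGROUP: one level deeper
            depth += 1
            deepest = max(deepest, depth)
        elif wire_type == 4:       # EGROUP: back up one level
            depth -= 1
            if depth < 0:
                raise ValueError("EGROUP without matching SGROUP")
        else:
            raise ValueError(f"invalid wire type {wire_type}")
    if pos != len(buf) or depth != 0:
        raise ValueError("truncated field or unclosed group")
    return deepest

def is_safe_to_parse(buf: bytes, limit: int = 100) -> bool:
    # limit=100 is an assumed policy value, well below Python's default recursion limit.
    try:
        return max_group_depth(buf) <= limit
    except ValueError:
        return False

# Constructed samples: field 1 SGROUP tag is 0x0B, its EGROUP tag is 0x0C.
SHALLOW = bytes([0x0B] * 3 + [0x0C] * 3)    # 3 nested groups: accepted
DEEP = bytes([0x0B] * 500 + [0x0C] * 500)   # 500 nested groups: rejected
```

Malformed framing (unbalanced groups, truncated fields) is rejected as well, so the check fails closed rather than passing odd input through to the parser.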
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- LOW
CWE-674 - Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
References
Advisory Timeline
- Published