Lucene search
K

130 matches found

RedHat Linux
RedHat Linux
added 2022/09/09 7:12 a.m.2 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5CVSS6.7AI score0.0486EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/08/10 10:13 a.m.3 views

golang: regexp: stack exhaustion via a deeply nested expression

A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large...

7.5CVSS7.2AI score0.03255EPSS
Exploits0References5
Snyk
Snyk
added 2022/07/20 8:52 p.m.3 views

Uncontrolled Recursion

Overview std/encoding/gob is a Go standard library package std/encoding/gob Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...

8.7CVSS6.8AI score0.01403EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/06/30 9:0 p.m.2 views

golang: regexp: stack exhaustion via a deeply nested expression

A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large...

7.5CVSS7.2AI score0.03255EPSS
Exploits0References5
OSV
OSV
added 2022/03/11 7:15 a.m.3 views

UBUNTU-CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...

7.5CVSS6.8AI score0.0486EPSS
Exploits1References3
OSV
OSV
added 2021/03/15 9:0 p.m.7 views

USN-4784-1 xerces-c vulnerabilities

It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2016-209...

10CVSS7.4AI score0.14138EPSS
Exploits3References4
OSV
OSV
added 2018/05/31 8:29 p.m.3 views

DEBIAN-CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

7.5CVSS6.8AI score0.01286EPSS
Exploits0References1
OSV
OSV
added 2016/05/01 1:59 a.m.1 views

DEBIAN-CVE-2016-4421

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service deep recursion, stack consumption, and application crash via a packet that specifies deeply nested data...

5.9CVSS6.3AI score0.01354EPSS
Exploits0References1
NVD
NVD
added 2016/01/29 7:59 p.m.13 views

CVE-2015-8789

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document...

9.6CVSS9.4AI score0.02126EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2006/01/01 12:0 a.m.6 views

PT-2026-26286

Name of the Vulnerable Software and Affected Versions XML::Parser versions through 2.47 Description The software contains a heap buffer overflow in the st serial stack function. This occurs when parsing XML files with deeply nested elements. Specifically, when stackptr equals stacksize - 1, the...

9.8CVSS6AI score0.00604EPSS
Exploits0References31
Rows per page
Query Builder