130 matches found
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
golang: regexp: stack exhaustion via a deeply nested expression
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large...
Uncontrolled Recursion
Overview std/encoding/gob is a Go standard library package std/encoding/gob Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...
golang: regexp: stack exhaustion via a deeply nested expression
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large...
UBUNTU-CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
USN-4784-1 xerces-c vulnerabilities
It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2016-209...
DEBIAN-CVE-2014-10064
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...
DEBIAN-CVE-2016-4421
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service deep recursion, stack consumption, and application crash via a packet that specifies deeply nested data...
CVE-2015-8789
Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document...
PT-2026-26286
Name of the Vulnerable Software and Affected Versions XML::Parser versions through 2.47 Description The software contains a heap buffer overflow in the st serial stack function. This occurs when parsing XML files with deeply nested elements. Specifically, when stackptr equals stacksize - 1, the...