Lucene search
K

130 matches found

Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Important: perl-XML-Parser

Issue Overview: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters...

9.8CVSS6.1AI score0.00604EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.4 views

Amazon Linux 2023 : perl-XML-Parser, perl-XML-Parser-tests (ALAS2023-2026-1536)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1536 advisory. XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in...

9.8CVSS6.1AI score0.00604EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/04 5:33 a.m.12 views

@stablelib/cbor: Stack exhaustion Denial of Service via deeply nested CBOR arrays, maps, or tags

Summary @stablelib/cbor decodes nested CBOR structures recursively and does not enforce a maximum nesting depth. A sufficiently deep attacker-controlled CBOR payload can therefore crash decoding with RangeError: Maximum call stack size exceeded. Details The decoder processes arrays, maps, and...

5.9AI score
Exploits0References3Affected Software1
Debian
Debian
added 2026/03/28 9:13 p.m.7 views

[SECURITY] [DSA 6182-1] libxml-parser-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6182-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2026 https://www.debian.org/security/faq -...

9.8CVSS6AI score0.00548EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.11 views

SUSE CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.1AI score0.00469EPSS
Exploits1References3
NVD
NVD
added 2026/03/26 8:16 p.m.5 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS0.00469EPSS
Exploits1References4
OSV
OSV
added 2026/03/26 8:16 p.m.5 views

DEBIAN-CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS5.7AI score0.00469EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/26 8:16 p.m.9 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS5.9AI score0.00469EPSS
Exploits1References5
OSV
OSV
added 2026/03/26 8:16 p.m.9 views

UBUNTU-CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6AI score0.00469EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:49 p.m.3 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.1AI score0.00469EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 8:8 p.m.16 views

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

4.3CVSS5.9AI score0.00469EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/03/25 8:8 p.m.2 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a...

6.5CVSS5.9AI score0.00469EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-28167

Name of the Vulnerable Software and Affected Versions yaml versions prior to 1.10.3 yaml versions prior to 2.8.3 Description The yaml library is susceptible to a stack overflow when parsing YAML documents. The issue occurs during the node resolution/composition phase, which uses recursive functio...

4.3CVSS6AI score0.00469EPSS
Exploits1References31
Snyk
Snyk
added 2026/03/24 10:6 p.m.6 views

Uncontrolled Recursion

Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...

8.7CVSS5.9AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/23 7:16 p.m.6 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS7.1AI score0.00417EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:53 p.m.6 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS5.8AI score0.00417EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.10 views

PT-2026-27176

Name of the Vulnerable Software and Affected Versions cbor2 versions prior to 5.9.0 Description The cbor2 library is susceptible to a Denial of Service DoS attack due to uncontrolled recursion when decoding deeply nested CBOR structures. This affects both the pure Python implementation and the C...

7.5CVSS7.2AI score0.00417EPSS
Exploits1References24
SUSE CVE
SUSE CVE
added 2026/03/20 10:29 a.m.5 views

SUSE CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

7.5CVSS6AI score0.00548EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/03/19 11:10 p.m.5 views

CVE-2006-10003

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

9.8CVSS5.8AI score0.00548EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/19 12:30 p.m.8 views

EUVD-2006-7234

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

9.8CVSS6AI score0.00548EPSS
Exploits0References4
Rows per page
Query Builder