Lucene search
K

130 matches found

NVD
NVD
added 2026/03/19 12:16 p.m.8 views

CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

9.8CVSS0.00548EPSS
Exploits0References21
OSV
OSV
added 2026/03/19 12:16 p.m.9 views

UBUNTU-CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

9.8CVSS6AI score0.00548EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/19 11:8 a.m.4 views

CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

6AI score0.00548EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 11:8 a.m.17 views

CVE-2006-10003

XML::Parser (Perl) up to version 2.47 contains an off-by-one heap buffer overflow in st_serial_stack, enabling memory corruption and crashes on deeply nested XML. A patched version is available (varies by distro) — Debian fixes 2.46-2+deb11u1 and 2.47-2~deb13u1; RedHat/Debian/Linux advisories als...

9.8CVSS6AI score0.00548EPSS
Exploits0References21Affected Software1
Cvelist
Cvelist
added 2026/03/19 11:8 a.m.30 views

CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

0.00548EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 11:8 a.m.11 views

CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

9.8CVSS6AI score0.00548EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/03/19 11:8 a.m.5 views

CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

9.8CVSS5.6AI score0.00548EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

XML::Parser 安全漏洞

XML::Parser is an open-source XML document parsing module written in Perl by CPAN authors. Versions of XML::Parser 2.47 and earlier contained security vulnerabilities. These vulnerabilities were caused by a buffer overflow in stserialstack, which could lead to writing beyond the allocated buffer...

9.8CVSS6.1AI score0.00548EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2006-10003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in stserialstack. In the case stackptr == stacksize - 1, the stack will NOT be...

9.8CVSS6AI score0.00548EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 8:17 p.m.9 views

GHSA-RF74-V2FM-23PW Natural Language Toolkit (NLTK) has unbounded recursion in JSONTaggedDecoder.decode_obj() may cause DoS

Summary JSONTaggedDecoder.decodeobj in nltk/jsontags.py calls itself recursively without any depth limit. A deeply nested JSON structure exceeding sys.getrecursionlimit default: 1000 will raise an unhandled RecursionError, crashing the Python process. Affected code File: nltk/jsontags.py, lines...

5.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/17 4:17 p.m.4 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion when decoding ASN.1 data. An attacker can cause the application to crash or exhaust system memory by supplying specially crafted ASN.1 data with deeply nested SEQUENCE or SET tags using indefinite Length markers...

8.7CVSS7.2AI score0.0058EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/17 2:7 p.m.9 views

Uncontrolled Recursion

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Uncontrolled Recursion in the construction, when parsing deeply nested HTML structures. An attacker can cause the application to terminate unexpectedly or fail requests by...

7.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/03/12 6:16 p.m.4 views

CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

7.5CVSS0.00777EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2026/02/19 8:45 p.m.4 views

CVE-2026-27014 NanZip has ROMFS Archive Infinite Loop / Stack Overflow

NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular NextOffset chains cause an infinite loop, and deeply nested directories cause unbounded recursion stack overflow in the ROMFS archive parser. Version 6.0.1630.0 patches the issue...

5.1CVSS5.5AI score0.00152EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2026/02/10 12:0 a.m.6 views

MongoDB Server -- Multiple vulnerabilities

https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. https://jira.mongodb.org/browse/SERVER-102364 reports: MongoDB Server may experience an out-of-memory failure while evaluating...

7.5CVSS5.5AI score0.00272EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2026/02/02 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2026-1190)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS5.4AI score0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/27 1:43 p.m.3 views

CVE-2025-67221

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

7.5CVSS5.9AI score0.0055EPSS
Exploits1References5
OSV
OSV
added 2026/01/22 5:16 p.m.8 views

PYSEC-2026-107

The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents...

7.5CVSS5.8AI score0.0055EPSS
Exploits1References3
Snyk
Snyk
added 2026/01/22 3:46 a.m.5 views

Allocation of Resources Without Limits or Throttling

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitting objects with...

8.7CVSS5.5AI score0.00403EPSS
Exploits0References2
NVD
NVD
added 2026/01/22 3:15 a.m.6 views

CVE-2026-24006

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

7.5CVSS0.00403EPSS
Exploits0References2
Rows per page
Query Builder