434 matches found
Uncontrolled Recursion
Overview std/go/build/constraint is a Go standard library package std/go/build/constraint Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stac...
Uncontrolled Recursion
Overview std/encoding/gob is a Go standard library package std/encoding/gob Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...
SUSE CVE-2024-34158
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...
Google Golang 安全漏洞
Google Golang is a static strongly typed, compiled language from Google.Go's syntax is close to that of C, but differs with respect to variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages that...
PT-2024-6107 · Go +10 · Go +10
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.1 and 1.22.1 Description: The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested literals in Go source code. This ca...
SUSE CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
AZL-48156 CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.3.9-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
DEBIAN-CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
AZL-48150 CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...
GHSA-2RWM-XV5J-777P Eclipse Parsson stack overflow when parsing deeply nested input
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing e.g. parse, generate, transform and query JSON documents...
GHSA-W5GG-2Q56-6H4F Elasticsearch Uncontrolled Resource Consumption vulnerability
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...
CVE-2024-23450
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...
UBUNTU-CVE-2024-23450
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash...
BIT-GOLANG-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression...
BIT-GOLANG-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...
GHSA-PWR2-4V36-6QPR orjson does not limit recursion for deeply nested JSON documents
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
PYSEC-2024-40
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
DEBIAN-CVE-2024-27454
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
PYSEC-2024-40
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
orjson Security Vulnerabilities
orjson is a fast and correct Python JSON library for ijl individual developers. A security vulnerability exists in versions of orjson prior to 3.9.15, which stems from recursion in unrestricted deeply nested JSON documents...