Lucene search
K

433 matches found

RedHat Linux
RedHat Linux
added 2022/12/07 8:19 a.m.4 views

jackson-databind: use of deeply nested arrays

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

7.5CVSS6.8AI score0.02656EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2022/11/23 11:15 p.m.33 views

CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

5.5CVSS6.4AI score0.00254EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/11/23 12:0 a.m.44 views

CVE-2022-45873

systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parseelfobject in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...

5.5CVSS5.6AI score0.00254EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/11/15 3:16 p.m.5 views

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5CVSS6.6AI score0.01403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/15 10:31 a.m.6 views

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5CVSS6.6AI score0.01403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/15 10:31 a.m.3 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5CVSS6.6AI score0.00863EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/11/15 10:31 a.m.8 views

golang: encoding/xml: stack exhaustion in Decoder.Skip

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5CVSS6.6AI score0.01875EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/08 9:43 a.m.3 views

golang: encoding/xml: stack exhaustion in Decoder.Skip

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5CVSS6.6AI score0.01875EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/11/08 9:43 a.m.4 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5CVSS6.6AI score0.00863EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/11/08 9:34 a.m.2 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5CVSS6.6AI score0.00863EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/11/08 9:34 a.m.5 views

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5CVSS6.6AI score0.01403EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/10/25 9:7 a.m.2 views

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5CVSS6.6AI score0.01403EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2022/10/17 7:1 a.m.137 views

CVE-2022-42004

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer.deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices...

7.5CVSS3.1AI score0.02656EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2022/10/04 3:35 p.m.5 views

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

7.5CVSS6.7AI score0.0486EPSS
Exploits1References5
OSV
OSV
added 2022/10/02 5:15 a.m.1 views

DEBIAN-CVE-2022-42004

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

7.5CVSS6.9AI score0.02656EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/08/31 4:58 p.m.1 views

golang: regexp: stack exhaustion via a deeply nested expression

A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large...

7.5CVSS7.2AI score0.03255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/08/18 3:12 p.m.3 views

golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

5.5CVSS6.6AI score0.00863EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2022/08/16 7:0 a.m.4 views

Stack exhaustion due to deeply nested types in go/parser

...

5.5CVSS7.4AI score0.00863EPSS
Exploits1
NVD
NVD
added 2022/08/10 8:15 p.m.26 views

CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

7.5CVSS0.01403EPSS
Exploits0References5
OSV
OSV
added 2022/08/10 8:15 p.m.6 views

AZL-10537 CVE-2022-30635 affecting package golang for versions less than 1.18.5-1

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

7.5CVSS6.7AI score0.01403EPSS
Exploits0References1
Rows per page
Query Builder