Jettison 安全漏洞

Jettison is jettison-json open source Jettison is a Java library . Jettison is a Java library that is used to convert XML to JSON with the help of StAX. Jettison JSONArray has a security vulnerability , the vulnerability stems from the infinite recursion in Jettison leads to a denial of service...

CVE-2023-1436

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...

CVE-2023-1436 Infinite recursion in Jettison leads to denial of service when creating a crafted JSONArray

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown...

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host resulting in a denial of service. The highest threat from this vulnerability is to system availability.

...

SUSE CVE-2006-2274

Linux SCTP lksctp before 2.6.17 allows remote attackers to cause a denial of service infinite recursion and crash via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the...

SUSE CVE-2006-6297

Stack consumption vulnerability in the KFILE JPEG kfilejpeg plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service stack consumption via a crafted EXIF section in a JPEG file, which results in an infinite recursio...

SUSE CVE-2011-1140

Multiple stack consumption vulnerabilities in the dissectmscompressedstring and dissectmscldapstring functions in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allow remote attackers to cause a denial of service infinite recursion via a crafted 1 SMB or 2 Connection-less LDAP CLD...

SUSE CVE-2014-1943

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service infinite recursion, CPU consumption, and crash via a crafted indirect offset value in the magic of a file...

SUSE CVE-2015-3254

The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service infinite recursion via vectors involving the skip function...

SUSE CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash via a crafted XML document...

SUSE CVE-2016-4491

The dprintcomp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service segmentation fault and crash via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."...

SUSE CVE-2016-9431

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page...

SUSE CVE-2016-9439

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page...

SUSE CVE-2016-9625

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page...

SUSE CVE-2016-9626

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page...

SUSE CVE-2017-7618

crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service API operation calling its own callback, and infinite recursion by triggering EBUSY on a full queue...

SUSE CVE-2017-8054

The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service infinite recursion and application crash via a crafted PDF document...

SUSE CVE-2017-8053

PoDoFo 0.9.5 allows denial of service infinite recursion and stack consumption via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure PdfParser.cpp...

SUSE CVE-2017-9208

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service infinite recursion and stack consumption via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1...

SUSE CVE-2017-9209

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service infinite recursion and stack consumption via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2...