94 matches found
UBUNTU-CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...
openSUSE Security Update : translate-toolkit (openSUSE-2018-130)
This update for translate-toolkit to 2.2.4 fixes several issues. This security issue was fixed : - Prevent inclusion of external ressources XXE boo1073535 These non-security issues were fixed : - Added support for nested and WebExtension JSON dialects. - po2txt no longer converts non-translatable...
DEBIAN-CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DDdump...
UBUNTU-CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DDdump...
security flaw
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...
security flaw
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...
security flaw
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...
security flaw
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...
security flaw
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...
DEBIAN-CVE-2007-1325
The PMAArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service web server crash via an array with many dimensions. NOTE: it could be argued tha...
PT-2007-2700 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x before 4.4.7 PHP versions 5.x before 5.2.2 Description: The issue allows remote attackers to cause a denial of service, resulting in stack exhaustion and a PHP crash. This is achieved by using deeply nested arrays, which...
PHP ZendEngine变量释放远程拒绝服务漏洞
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP没有对嵌套数组的深度强制任何过滤检查。由于变量注册是以迭代的方式执行的,因此PHP会接受任何深度,直到达到memorylimit。PHP数组的释放是以递归的方式执行的,因此在耗尽了栈极限的时候就会崩溃。 攻击者可以利用上述问题以可控的方式导致PHP崩溃。假设以下PHP代码: if !checkUserPWD$user, $pass $errmsg = "There is problem ..."; displayError$errmsg; notifyAdminOfCrackAttempt; else ...
CVE-2004-1198
Microsoft Internet Explorer allows remote attackers to cause a denial of service application crash from memory consumption, as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays...