Lucene search

28 matches found

OSV
added 2025/09/16 5:4 p.m. | 2 views

SUSE-SU-2025:03239-1 Security update for expat

This update for expat fixes the following issues: expat was updated to version 2.7.1: - Bug fixes: - Restore event pointer behavior from Expat 2.6.4 that the fix to CVE-2024-8176 changed in 2.7.0; affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex -...

CVSS 7.5 | AI score 7.4 | EPSS 0.00803
Exploits 0 | References 3
OSV
added 2025/07/15 9:15 a.m. | 2 views

SUSE-SU-2025:02310-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663)...

CVSS 8.2 | AI score 7.3 | EPSS 0.00016
Exploits 0 | References 3
OSV
added 2025/04/10 7:10 a.m. | 4 views

BIT-ELASTICSEARCH-2024-52980 Elasticsearch Uncontrolled Resource Consumption vulnerability

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to the...

CVSS 6.5 | AI score 6.3 | EPSS 0.00136
Exploits 0 | References 2
Cvelist
added 2025/04/08 4:43 p.m. | 10 views

CVE-2024-52980 Elasticsearch Uncontrolled Resource Consumption vulnerability

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to the...

CVSS 6.5 | EPSS 0.00136
Exploits 0 | References 1
OSV
added 2022/02/14 4:24 p.m. | 2 views

CLSA-2022-1644855867 Fix CVE(s): CVE-2022-0351, CVE-2022-0359, CVE-2022-0368, CVE-2022-0361

SECURITY UPDATE: Condition with many "" causes a crash - debian/patches/CVE-2022-0351.patch: Limit recursion depth to 1000 - CVE-2022-0351 SECURITY UPDATE: Illegal memory access with large tabstop in Ex mode - debian/patches/CVE-2022-0359.patch: Allocate enough memory - CVE-2022-0359 SECURITY...

CVSS 8.4 | AI score 7.1 | EPSS 0.00215
Exploits 4 | References 1
OSV
added 2014/06/05 12:0 p.m. | 0 views

UBUNTU-CVE-2014-0221

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake...

CVSS 4.3 | AI score 7.1 | EPSS 0.82097
Exploits 0 | References 4
Prion
added 2014/01/26 8:55 p.m. | 12 views

Double free

query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters...

CVSS 5 | AI score 7.1 | EPSS 0.0119
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2003/11/06 5:0 a.m. | 33 views

CVE-2003-0851

OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences...

AI score 7.2 | EPSS 0.04236
Exploits 0 | References 12