184 matches found

OSV
added 2025/04/10 1:48 p.m. · 13 views

GHSA-5XQW-8HWV-WG92 Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow

A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow. Impact: A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack...

6.5 CVSS · 6.4 AI score · 0.00012 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/03/18 12:9 a.m. · 9 views

CVE-2024-58103

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...

5.8 CVSS · 6.8 AI score · 0.00013 EPSS
Exploits 0 · References 1

Github Security Blog
added 2025/03/16 6:30 a.m. · 17 views

Wire has Uncontrolled Recursion on Nested Groups

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...

5.8 CVSS · 7.1 AI score · 0.00013 EPSS
Exploits 0 · References 4 · Affected Software 1

NVD
added 2025/03/16 4:15 a.m. · 12 views

CVE-2024-58103

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...

5.8 CVSS · 0.00013 EPSS
Exploits 0 · References 2

OSV
added 2025/03/16 4:15 a.m. · 9 views

CVE-2024-58103

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...

5.8 CVSS · 5.6 AI score
Exploits 0 · References 2

CVE
added 2025/03/16 12:0 a.m. · 252 views

CVE-2024-58103

CVE-2024-58103 affects Square Wire prior to 5.2.0, where ByteArrayProtoReader32.kt and ProtoReader.kt do not enforce a recursion limit on nested groups. Root cause: lack of recursion depth limit in the reader implementation, enabling deeply nested structures that can lead to resource exhaustion. ...

5.8 CVSS · 7 AI score · 0.00013 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/03/16 12:0 a.m. · 9 views

CVE-2024-58103

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...

5.8 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits 0 · References 2

Cvelist
added 2025/03/16 12:0 a.m. · 12 views

CVE-2024-58103

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...

5.8 CVSS · 0.00013 EPSS
Exploits 0 · References 2

CNNVD
added 2025/03/16 12:0 a.m. · 1 views

Square Wire Security Vulnerability

Square Wire is an open source protocol buffer processing library open-sourced by Square in the United States, mainly used for efficient data serialization and deserialization. A security vulnerability exists in Square Wire versions prior to 5.2.0, which stems from not enforcing a recursion...

5.8 CVSS · 6.6 AI score · 0.00013 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/01/01 12:0 a.m. · 3 views

PT-2025-11969 · Suricata +1

Name of the Vulnerable Software and Affected Versions: Suricata versions: affected versions not specified. Description: The issue is related to an infinite loop that can occur with negated pcre and an indefinite recursion limit setting. Recommendations: At the moment, there is no information about ...

7.5 CVSS · 6.2 AI score · 0.0091 EPSS
Exploits 1 · References 36

GitLab Advisory Database
added 2024/12/16 12:0 a.m. · 21 views

CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

ASA-2024-0012: Transaction decoding may result in a stack overflow When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stack overflow to occur and result in a network halt. This was addressed by adding a recursion limit while decoding the packet...

7.4 AI score
Exploits 0 · References 6 · Affected Software 1

Github Security Blog
added 2024/08/30 6:43 p.m. · 22 views

freewvs's nested directory structure can interrupt scan

Impact: A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches: This has been fixed in this commit by limitin...

4 CVSS · 6.6 AI score · 0.00174 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/08/30 6:43 p.m. · 22 views

GHSA-7PMH-VRWW-25XX freewvs's nested directory structure can interrupt scan

Impact: A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk. This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. Patches: This has been fixed in this commit by limitin...

2.8 CVSS · 3.7 AI score · 0.00174 EPSS
Exploits 0 · References 5

OSV
added 2024/02/26 6:30 p.m. · 1 views

GHSA-PWR2-4V36-6QPR orjson does not limit recursion for deeply nested JSON documents

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 7.1 AI score · 0.00136 EPSS
Exploits 1 · References 7

PyPA
added 2024/02/26 4:28 p.m. · 7 views

PYSEC-2024-40

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 7 AI score · 0.00136 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2024/02/26 4:28 p.m. · 1 views

PYSEC-2024-40

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 5.9 AI score · 0.00136 EPSS
Exploits 1 · References 4

Prion
added 2024/02/26 4:28 p.m. · 12 views

Design/Logic Flaw

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

5 CVSS · 7.1 AI score · 0.00136 EPSS
Exploits 1 · References 4

OSV
added 2024/02/26 4:28 p.m. · 1 views

DEBIAN-CVE-2024-27454

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 7.3 AI score · 0.00136 EPSS
Exploits 1 · References 1

Cvelist
added 2024/02/26 12:0 a.m. · 13 views

CVE-2024-27454

orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...

7.5 CVSS · 7.7 AI score · 0.00136 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/02/25 12:0 a.m. · 2 views

PT-2024-21907 · Orjson

Name of the Vulnerable Software and Affected Versions: orjson versions prior to 3.9.15. Description: The issue is related to the orjson.loads function in orjson, which does not limit recursion for deeply nested JSON documents. This can lead to potential exploitation. Recommendations: For versions...

7.5 CVSS · 6.8 AI score · 0.00136 EPSS
Exploits 1 · References 14