180 matches found

AstraLinux
added 2024/06/26 1:32 p.m. | 4 views

Astra Linux – Vulnerability in liblivemedia

Live555 through 1.08 mishandles large requests for the same MP3 stream, leading to recursion and a stack-based buffer over-read. An attacker can exploit this vulnerability to launch a DoS attack...

CVSS 7.5 | AI score 7.7 | EPSS 0.01532
Exploits: 1 | References: 3

OSV
added 2024/03/06 11:18 a.m. | 15 views

BIT-TENSORFLOW-2021-29615 Stack overflow in `ParseAttrValue` with nested tensors

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue` (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion...

CVSS 5.5 | AI score 5.6 | EPSS 0.00204
Exploits: 1 | References: 3

CNNVD
added 2024/02/26 12:0 a.m. | 4 views

orjson Security Vulnerabilities

orjson is a fast and correct Python JSON library by individual developer ijl. A security vulnerability exists in versions of orjson prior to 3.9.15, which stems from unrestricted recursion on deeply nested JSON documents...

CVSS 7.5 | AI score 6.8 | EPSS 0.01187
Exploits: 1 | References: 5

BDU FSTEC
added 2023/12/19 12:0 a.m. | 5 views

The vulnerability of the backup_xi.sh script, a Nagios XI monitoring tool, allows a hacker to delete any files they desire.

The vulnerability of the backup_xi.sh script, a monitoring tool for Nagios XI, is related to an uncontrolled recursion during the processing of parameters name and rootdir. Exploiting this vulnerability could allow a malicious actor to delete any files they desire...

CVSS 6.8 | AI score 5.5
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2023/11/23 12:0 a.m. | 3 views

The vulnerability of the Java library for converting objects from XML to JSON format, Jettison, is related to an uncontrolled recursion. This allows a hacker to trigger a service failure.

The vulnerability of the Java library for converting objects from XML to JSON format by Jettison is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 5.9 | AI score 6.4 | EPSS 0.01009
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2023/06/05 12:0 a.m. | 2 views

PT-2023-23505 · Telefônica Brasil · Telefônica Brasil Vivo Play

Name of the Vulnerable Software and Affected Versions: Telefônica Brasil Vivo Play IPTV Firmware version 2023.04.04.01.06.15. Description: The issue is related to a Denial of Service (DoS) via DNS Recursion. This means that the system can be made unavailable by exploiting its handling of DNS recursio...

CVSS 7.5 | AI score 7.3 | EPSS 0.00874
Exploits: 0 | References: 6

OSV
added 2023/03/22 6:15 a.m. | 1 views

UBUNTU-CVE-2023-1370

Json-smart is a performance focused, JSON processor lib. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays a...

CVSS 7.5 | AI score 6.8 | EPSS 0.01119
Exploits: 1 | References: 4

OSV
added 2023/03/06 9:15 p.m. | 1 views

UBUNTU-CVE-2021-36395

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.00734
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:10 a.m. | 2 views

SUSE CVE-2015-8873

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls...

CVSS 7.5 | AI score 8.5 | EPSS 0.03881
Exploits: 1 | References: 8

SUSE CVE
added 2023/02/15 4:24 a.m. | 4 views

SUSE CVE-2018-16452

The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata via recursion...

CVSS 5.3 | AI score 7.3 | EPSS 0.04122
Exploits: 0 | References: 9

SUSE CVE
added 2023/02/15 3:38 a.m. | 2 views

SUSE CVE-2021-38380

Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over-read. An attacker can leverage this to launch a DoS attack...

CVSS 7.5 | AI score 7.8 | EPSS 0.01532
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 3:25 a.m. | 1 views

SUSE CVE-2022-30631

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...

CVSS 6.2 | AI score 7.8 | EPSS 0.01615
Exploits: 0 | References: 8

Prion
added 2023/01/21 7:15 p.m. | 19 views

Design/Logic Flaw

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1...

CVSS 5 | AI score 7.2 | EPSS 0.07323
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2022/09/14 1:41 p.m. | 3 views

dotnet: DenialOfService - ASP.NET Core MVC vulnerable to stack overflow via ModelStateDictionary recursion.

.NET Core and Visual Studio Denial of Service Vulnerability...

CVSS 7.5 | AI score 5.8 | EPSS 0.03074
Exploits: 0 | References: 4

OSV
added 2022/08/10 8:15 p.m. | 2 views

DEBIAN-CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

CVSS 7.5 | AI score 7.4 | EPSS 0.01403
Exploits: 0 | References: 1

NVD
added 2022/08/10 8:15 p.m. | 20 views

CVE-2022-30630

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...

CVSS 7.5 | EPSS 0.01618
Exploits: 0 | References: 5

OSV
added 2022/08/10 8:15 p.m. | 2 views

DEBIAN-CVE-2022-1962

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

CVSS 5.5 | AI score 7 | EPSS 0.00863
Exploits: 1 | References: 1

NVD
added 2022/08/01 7:15 p.m. | 11 views

CVE-2022-31173

Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually...

CVSS 7.5 | EPSS 0.01305
Exploits: 1 | References: 4

OpenVAS
added 2022/02/13 12:0 a.m. | 22 views

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2022-1106)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.8 | EPSS 0.00399
Exploits: 1 | References: 2

OSV
added 2021/12/23 9:15 p.m. | 2 views

DEBIAN-CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry hive file, which would cause hivex to recursively call the getchildren function, leading to a stack overflow. The highest threat from this vulnerability is to system availability...

CVSS 4.3 | AI score 6.1 | EPSS 0.04794
Exploits: 1 | References: 1