5224 matches found
GHSA-RCMH-QJQH-P98V Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
Summary A DoS can occur that immediately halts the system due to the use of an unsafe function. Details According to RFC 5322, nested group structures a group inside another group are not allowed. Therefore, in lib/addressparser/index.js, the email address parser performs flattening when nested...
Uncontrolled Recursion
Overview org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to Uncontrolled Recursion in the addressparser function. An attacker can cause the process to terminate immediately by sending an email address...
Uncontrolled Recursion
Overview nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to Uncontrolled Recursion in the addressparser function. An attacker can cause the process to terminate immediately by sending an email address header containing...
EUVD-2025-199979
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
CVE-2025-59789
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
CVE-2025-59789
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
CVE-2025-59789
CVE-2025-59789 : Apache bRPC’s json2pb component (uses rapidjson) is vulnerable to stack/exhaustion via deeply recursive JSON input, causing server crashes. Affected: bRPC
qtsvg: Uncontrolled recursion in Qt SVG module
A stack overflow flaw has been discovered in the Qt SVG module. When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...
libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...
Linux Distros Unpatched Vulnerability : CVE-2025-66031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge version...
ALSA-2025:22394 Moderate: qt6-qtsvg security update
Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Uncontrolled recursion in Qt SVG module CVE-2025-10728 For more details...
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...
Apache bRPC 安全漏洞
Apache bRPC is the United States Apache Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. Apache bRPC suffers from a denial of service vulnerability due to an uncontrolled recursion flaw in the json2pb component. An attacker could exploit the...
ALSA-2025:22376 Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...
Apache bRPC Server Crash
Apache bRPC versions prior to 1.15.0 has an uncontrolled recursion vulnerability that allows for a server crash...