PT-2025-35963
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the drm/xe/migrate component that could lead to infinite recursion and a potential kernel panic. This occurs when handling memory alignment duri...
SUSE CVE-2025-9714
Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...
An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow.
...
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
...
afs: Fix lock recursion
...
K000154575: Apache Commons Lang vulnerability CVE-2025-48924
Security Advisory Description Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by an Uncontrolled Recursion Vulnerability in Connect2id Nimbus JOSE + JWT (CVE-2025-53864)
Summary Connect2id Nimbus JOSE + JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) as part of integrating with OpenID Connect (OIDC) providers and is affected by an Uncontrolled Recursion Vulnerability (CVE-2025-53864). Vulnerability Details CVEID: CVE-2025-53864 DESCRIPTION: Connect2id...
Linux Distros Unpatched Vulnerability : CVE-2024-4568
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Xpdf 4.05 and earlier, a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. CVE-2024-4568 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2025-38614
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc ensures th...
Linux Distros Unpatched Vulnerability : CVE-2022-42321
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations e.g. for deleting a sub-tree of Xenstore...
Linux Distros Unpatched Vulnerability : CVE-2017-15377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of...
Linux Distros Unpatched Vulnerability : CVE-2017-13756
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...
Linux Distros Unpatched Vulnerability : CVE-2022-3222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. CVE-2022-3222 Note that Nessus relies on the presence of the package as reported by th...
Linux Distros Unpatched Vulnerability : CVE-2018-21232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. CVE-2018-21232 Note that Nessus relies on the presence of the package...
Linux Distros Unpatched Vulnerability : CVE-2022-47662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault/stack overflow due to infinite recursion in Media_GetSample isomedia/media.c:662 CVE-2022-47662 Note...
Linux Distros Unpatched Vulnerability : CVE-2018-20993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. CVE-2018-20993 Note that Nessus...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Recursion vulnerability in Apache Commons [CVE-2025-48924]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Recursion vulnerability in Apache Commons Lang, caused by the methods ClassUtils.getClass... possibly throwing a StackOverflowError on very long inputs (CVE-2025-48924). Apache Commons is used in our speech service...
Security Bulletin: Vulnerability commons-lang3 affects IBM Integrated Analytics System
Summary The commons-lang3 library is used by IBM Integrated Analytics System for core utility functions. A vulnerability was identified in the ClassUtils.getClass... method, where uncontrolled recursion on very long inputs can trigger a StackOverflowError. As this error is often unhandled, it may...
CVE-2025-5302
A flaw was found in the JSONReader component of the llamaindex Python package, where the depthfirstyield function has no limit on the recursive number of times it is called. This vulnerability causes Python to reach its maximum recursive depth when parsing deeply nested JSON files. The program...
kernel: net/sched: Always pass notifications when child class becomes empty
A use-after-free (UAF) vulnerability was found in the Linux kernel's net/sched subsystem, specifically in the Credit-Based Shaper (CBS) qdisc implementation (sch_cbs). The vulnerability occurs because the CBS qdisc's reset function qdisc_reset_queue only resets its internal queue but fails to reset its...