Unbounded recursion in Python Protobuf

...

Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON

Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the...

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

Uncontrolled Recursion

Overview com.nimbusds:nimbus-jose-jwt is a library for JSON Web Tokens JWT Affected versions of this package are vulnerable to Uncontrolled Recursion due to the improper handling JWT claim sets containing deeply nested JSON objects. An attacker can cause application downtime or resource exhaustio...

Apache Commons Lang 安全漏洞

Apache Commons Lang is a tool library of the Apache USA Foundation. A security vulnerability exists in Apache Commons Lang versions 2.0 through 2.6 and 3.0 through versions prior to 3.18.0, which stems from the presence of infinite recursion in the ClassUtils.getClass method, which could lead to ...

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

DEBIAN-CVE-2025-38305

In the Linux kernel, the following vulnerability has been resolved: ptp: remove ptp-nvclocks check logic in ptpvclockinuse There is no disagreement that we should check both ptp-isvirtualclock and ptp-nvclocks to check if the ptp virtual clock is in use. However, when we acquire ptp-nvclocksmux t...

Security update for helm-mirror

This update for helm-mirror fixes the following issues: CVE-2025-32386: Fixed denial of service due to memory exhaustion after loading a specially crafter chart bsc1241028 CVE-2025-32387: Fixed stack overflow due to parser recursion that can exceed the stack size limit bsc1241031 Patch...

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to uncontrolled recursion in Golang (CVE-2022-30630)

Summary Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi. as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30630. Vulnerability Details CVEID:CVE-2022-30630 DESCRIPTION: Golang G...

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview llama-index-readers-web is a llama-index readers web integration Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' via the parsesitemap function. An attacker can exhaust system memory and potentially cau...

Uncontrolled Recursion

Overview llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...

Uncontrolled Recursion

Overview llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONReader process. An attacker can cause the application to crash by submitting deeply nested JSON structures, resulting in a stack overflow and...

CVE-2025-53605

A flaw was found in protobuf. The protobuf::codedinputstream::CodedInputStream::skipgroup function exhibits uncontrolled recursion when parsing unknown fields from untrusted input, potentially leading to excessive resource consumption. This flaw allows a network attacker to trigger this condition...

Duplicate Advisory: rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2gh3-rmm4-6rq5. This link is maintained to preserve external references. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup...

GHSA-RXF6-323F-44FC Duplicate Advisory: rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2gh3-rmm4-6rq5. This link is maintained to preserve external references. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup...

CVE-2025-53605

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...

AZL-65574 CVE-2025-53605 affecting package kata-containers 3.2.0.azl2-7

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...

CVE-2025-53605

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...

AZL-65565 CVE-2025-53605 affecting package rust for versions less than 1.75.0-17

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...

DEBIAN-CVE-2025-53605

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...