GHSA-GHFH-P92W-J4MG Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...

UBUNTU-CVE-2024-52981

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...

UBUNTU-CVE-2024-52980

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...

CVE-2024-52981

CVE-2024-52981 affects Elasticsearch: a recursive parser for Well-Known Text (WKT) with nested GeometryCollection objects can trigger a stack overflow, leading to DoS. Affected: Elasticsearch 7.17.0–7.17.23 and 8.0–8.15.0. Fixed in 7.17.24 and 8.15.1 or newer. CVSS/NVD indicates high impact on av...

CVE-2024-52980 Elasticsearch Uncontrolled Resource Consumption vulnerability

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...

CVE-2024-52980

CVE-2024-52980 refers to an Elasticsearch vulnerability where a large recursion in the PatternBank.innerForbidCircularReferences function can crash a node. The issue requires a user with read_pipeline cluster privilege to trigger the condition, making it a resource-exhaustion risk (availability l...

Elasticsearch 8.15.1 Security Update (ESA-2024-34)

Elasticsearch Uncontrolled Resource Consumption vulnerability ESA-2024-34 A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious...

PT-2025-15467 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch affected versions not specified Description: A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. ...

PT-2025-15477 · Unknown · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch affected versions not specified Description: An issue was discovered where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stack overflow. Recommendations: At the...

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to uncontrolled recursion in golang (CVE-2022-30631)

Summary Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi. as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30631. Vulnerability Details CVEID:CVE-2022-30631 DESCRIPTION: Golang G...

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Uncontrolled Recursion in golang (CVE-2022-30632)

Summary Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi. as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30632. Vulnerability Details CVEID:CVE-2022-30632 DESCRIPTION: Golang G...

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Uncontrolled Recursion in Golang (CVE-2022-30635)

Summary Golang is used by IBM Storage Fusion Data Foundation as part of the operator's intrinsic functionality. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30635. Vulnerability Details CVEID:CVE-2022-30635 DESCRIPTION:...

kernel: net/sched: Fix mirred deadlock on device recursion

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion The Linux kernel CVE team has assigned CVE-2024-27010 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27010-5a68@gregkh/T...

DEBIAN-CVE-2023-52986

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcpbpfprots when cloning a listener A listening socket linked to a sockmap has its skprot overridden. It points to one of the struct proto variants in tcpbpfprots. The variant depends on the socket'...

CVE-2023-52986

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcpbpfprots when cloning a listener A listening socket linked to a sockmap has its skprot overridden. It points to one of the struct proto variants in tcpbpfprots. The variant depends on the socket'...

CVE-2023-52986

CVE-2023-52986 is a Linux kernel issue affecting bpf, sockmap where a listening socket linked to a sockmap can have its sk_prot overridden to a variant in tcp_bpf_prots. The root cause is that cloning a child from a TCP listener checked only for the TCP_BPF_BASE proto variant, whereas the listene...

Uncontrolled Recursion

Square Wire is vulnerable to Uncontrolled Recursion. The vulnerability is due to uncontrolled recursion depth due to the lack of a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt, which can lead to excessive resource consumption or stack overflow...

Uncontrolled Recursion

Overview llama-index-readers-web is a llama-index readers web integration Affected versions of this package are vulnerable to Uncontrolled Recursion via the KnowledgeBaseWebReader class's getarticleurls function. An attacker can trigger a crash by supplying a URL to an object containing an href...

CVE-2024-12910

A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llamaindex repository, version latest, allows an attacker to cause a Denial of Service DoS by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the getarticleurls method, exhausting...

PYSEC-2025-11

A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llamaindex repository, version latest, allows an attacker to cause a Denial of Service DoS by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the getarticleurls method, exhausting...