5279 matches found
SUSE CVE-2023-2663
In Xpdf 4.04 and earlier, a PDF object loop in the page label tree leads to infinite recursion and a stack overflow...
SUSE CVE-2023-2664
In Xpdf 4.04 and earlier, a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow...
sqlparse: parsing heavily nested list leads to denial of service
A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse, where a recursion error may be triggered, which can lead to a denial of service...
A stack overflow exists in re2c 2.2 due to infinite recursion issues in src/dfa/dead_rules.cc.
...
Azure Linux 3.0 Security Update: redis / valkey (CVE-2024-31228)
The version of redis / valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31228 advisory. - Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a...
Netplex Json-smart Uncontrolled Recursion vulnerability
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...
CVE-2024-27454
orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents...
The vulnerability of the sqlparse.parse() function in the SQL parser module for Python, Sqlparse, allows a hacker to cause a service failure.
The vulnerability of the sqlparse.parse function in the SQL parser module for Python, Sqlparse, is related to an uncontrolled recursion during the processing of deeply nested lists. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CLSA-2025-1738170437 hivex: Fix of CVE-2021-3622
CVE-2021-3622: fix possible stack overflow by adding the depth of recursion in the getchildren...
CLSA-2025-1738170241 hivex: Fix of CVE-2021-3622
CVE-2021-3622: fix possible stack overflow by adding the depth of recursion in the getchildren...
OESA-2025-1056 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...
OESA-2025-1055 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...
BIT-PYTHON-MIN-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...
DEBIAN-CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...
CLSA-2025-1736503631 squid: Fix of 4 CVEs
CVE-2023-49285: Fix Buffer Overread bug to prevent Denial of Service attack - CVE-2023-49286: Fix Incorrect Check of Function Return Value bug in Helper process management - CVE-2023-50269: Fix Uncontrolled Recursion bug in HTTP Request parsing by limiting X-Forwarded-For header size to prevent...
LangChain < 0.2.5 DoS
The version of LangChain installed on the remote host is prior to 0.2.5. It is, therefore, affected by a Denial-of-Service (DoS) vulnerability in the SitemapLoader class. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion...
bind: stack exhaustion in control channel code may lead to DoS
A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code...
PT-2025-11969 · Suricata +1
Name of the Vulnerable Software and Affected Versions: Suricata (affected versions not specified). Description: The issue is related to an infinite loop that can occur with negated pcre and an indefinite recursion limit setting. Recommendations: At the moment, there is no information about ...
PT-2025-51176
Name of the Vulnerable Software and Affected Versions: uriparser versions through 0.9.9. Description: The software is susceptible to an issue involving unbounded recursion and stack consumption. This occurs when processing large inputs containing numerous commas, specifically when using the...
CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy
Altair is a fork of Misskey v12. In affected versions, a lack of request validation and a lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...