CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...

CVE-2024-49363 Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey

Misskey is an open source, federated social media platform. In affected versions FileServerService media proxy in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed...

CVE-2024-49363 Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey

Misskey is an open source, federated social media platform. In affected versions FileServerService media proxy in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed...

CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

ASA-2024-0012: Transaction decoding may result in a stack overflow When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stack overflow to occur and result in a network halt. This was addressed by adding a recursion limit while decoding the packet...

Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data...

RUSTSEC-2024-0437 Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data...

protobuf: StackOverflow vulnerability in Protocol Buffers

A flaw was found in Protocol Buffers protobuf. This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...

Advisory ROSA-SA-2024-2536

software: re2c 3.1 AXIS: ROSA-CHROME packageevrstring: re2c-3.1-1 CVE-ID: CVE-2022-23901 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: The re2c 2.2 stack overflow is due to infinite recursion issues in src/dfa/deadrules.cc. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update re2c...

CVE-2023-29001

CVE-2023-29001 affects Contiki-NG. The IPv6 SRH processing in Contiki-NG’s two RPL implementations can cause an uncontrolled recursion in the function tcpip_ipv6_output when a packet with a local next-hop address is received, potentially triggering a stack overflow. Exploitation requires attacker...

CVE-2023-29001 Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers SRH in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming...

CVE-2023-29001 Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers SRH in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming...

CVE-2023-29001 Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers SRH in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming...

CVE-2024-53090

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

SUSE CVE-2024-53090

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

CVE-2024-53090

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

DEBIAN-CVE-2024-53090

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

AZL-54617 CVE-2024-53090 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

AZL-54608 CVE-2024-53090 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

UBUNTU-CVE-2024-53090

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

CVE-2024-53090 afs: Fix lock recursion

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...