5279 matches found
CVE-2024-53090
In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion. afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref on the afs_call struct in order to pass it to a work que...
CVE-2024-53090 afs: Fix lock recursion
In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion. afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref on the afs_call struct in order to pass it to a work que...
CVE-2024-53090
CVE-2024-53090 is a Linux kernel vulnerability affecting the AFS filesystem; the issue is a lock recursion in afs_wake_up_async_call() when invoked from AF_RXRPC while holding notify_lock and attempting to pass an afs_call reference to a workqueue. The race could trigger a spinlock recursion (oob...
sqlparse: parsing heavily nested list leads to denial of service
A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse, where a recursion error may be triggered, which can lead to a denial of service...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the afs_wake_up_async_call function that could lead to lock recursion...
kernel: net/sched: Fix mirred deadlock on device recursion
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion The Linux kernel CVE team has assigned CVE-2024-27010 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27010-5a68@gregkh/T...
kernel: ipv6: Fix infinite recursion in fib6_dump_done().
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done(). The Linux kernel CVE team has assigned CVE-2024-35886 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051946-CVE-2024-35886-19d4@gregkh/T...
GHSA-F77Q-R5QM-W4M8 sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic
The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus. In versions 1.2.0, functions like InvF and InvE used...
PT-2024-40264 · Gnark · Gnark
Name of the Vulnerable Software and Affected Versions: Gnark versions prior to 1.2.0 Description: The issue concerns the Gnark recursion circuit, which has constraints on arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. The problem arises from improper...
Denial of Service(DOS) in KnowledgeBaseWebReader
Description: The KnowledgeBaseWebReader class recursively calls the get_article_urls method. If the attacker can control a url variable to contain the root URL, it can lead to infinite recursive calls involving the same root URL repeatedly. This would cause a Denial of Service (DoS) scenario,...
The vulnerability of the Next.js software platform for creating web applications, related to uncontrolled recursion, allows attackers to trigger service failures.
The vulnerability of the Next.js web application development software platform is related to uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Impact: A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, QuickTimeVideo::multipleEntriesDecoder, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28...
PT-2024-35554
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc2-build3+ Description: The issue is related to lock recursion in the Linux kernel, specifically in the afs_wake_up_async_call function. This function can incur lock recursion when called from AF_RXRPC whi...
protobuf: StackOverflow vulnerability in Protocol Buffers
A flaw was found in Protocol Buffers (protobuf). This issue can allow an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...
CVE-2024-47658
In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled. The finalize operation in interrupt mode produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process...