5279 matches found

Cvelist
added 2024/06/06 6:52 p.m. · 14 views

CVE-2024-2965 Denial-of-Service in LangChain SitemapLoader in langchain-ai/langchain

A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

4.2 CVSS · 0.00038 EPSS
Exploits: 1 · References: 2

CVE
added 2024/06/06 6:52 p.m. · 75 views

CVE-2024-2965

CVE-2024-2965 affects the LangChain SitemapLoader in langchain-ai/langchain. The parse_sitemap function lacks a guard against self-referential sitemap recursion, enabling an infinite recursion loop that can exhaust server resources and crash the Python process. Multiple trusted sources (NVD, Red ...

4.7 CVSS · 4.3 AI score · 0.00038 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2024/06/06 12:00 a.m. · 2 views

LangChain Resource Management Error Vulnerability

LangChain is an open source framework for developing applications powered by Large Language Models (LLMs). A resource management error vulnerability exists in LangChain because the parse_sitemap method, which is responsible for parsing the sitemap and extracting the URL, lacks a mechani...

4.7 CVSS · 6.8 AI score · 0.00038 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2024/06/06 12:00 a.m. · 2 views

PT-2024-22949 · Langchain Ai · Langchain

Name of the Vulnerable Software and Affected Versions: langchain-ai/langchain versions prior to 0.2.5; langchain-community versions prior to 0.2.5. Description: A Denial-of-Service (DoS) issue exists in the SitemapLoader class due to the parse_sitemap method lacking a mechanism to prevent infinite...

4.7 CVSS · 5 AI score · 0.00038 EPSS
Exploits: 1 · References: 14

Tenable Nessus
added 2024/06/03 12:00 a.m. · 19 views

RHEL 9 : butane (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) - Uncontrolled recursio...

7.5 CVSS · 7.4 AI score · 0.00059 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2024/06/03 12:00 a.m. · 42 views

RHEL 9 : log4j (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) -...

7.5 CVSS · 7.5 AI score · 0.43407 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2024/06/03 12:00 a.m. · 23 views

RHEL 9 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags...

7.5 CVSS · 7.5 AI score · 0.00054 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2024/06/03 12:00 a.m. · 16 views

RHEL 7 : screen (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - screen: Stack overflow due to deep recursion causing process freeze (CVE-2015-6806) Note that Nessus has not tested f...

5 CVSS · 6.8 AI score · 0.01274 EPSS
Exploits: 1 · References: 1

Veeam
added 2024/05/31 12:00 a.m. · 11 views

VSS Snapshot Creation Delay on Server with DFSR Enabled

Article Applicability: The issue described in this article affects earlier versions of Veeam Agent for Microsoft Windows (VAW); however, the solution provided will only work with VAW 6.1.2 and higher. Challenge: When backing up a server with the DFS feature enabled, the VSS snapshot creation step in...

6.8 AI score
Exploits: 0 · Affected Software: 1

RedHat Linux
added 2024/05/30 8:24 p.m. · 7 views

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

5.3 CVSS · 7.3 AI score · 0.00116 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2024/05/28 12:00 a.m. · 6 views

PT-2024-32717

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the crypto: stm32/cryp module. The finalize operation in interrupt mode produces a spinlock recursion warning because BH...

5.5 CVSS · 5.4 AI score · 0.00032 EPSS
Exploits: 0

OSV
added 2024/05/24 11:08 a.m. · 2 views

OESA-2024-1642 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhausti...

5.5 CVSS · 6.9 AI score · 0.00005 EPSS
Exploits: 1 · References: 2

Oracle linux
added 2024/05/23 12:00 a.m. · 387 views

libXpm security update

3.5.12-11 - Drop hardening patches from previous version to keep ABI compatibility 3.5.12-10 - CVE-2023-43786 libX11: stack exhaustion from infinite recursion in PutSubImage - CVE-2023-43787 libX11: integer overflow in XCreateImage leading to a heap overflow - CVE-2023-43788 libXpm: out of bounds...

5.5 CVSS · 6.9 AI score · 0.00084 EPSS
Exploits: 1

RedHat Linux
added 2024/05/22 9:42 a.m. · 33 views

Moderate: Red Hat Security Advisory: libX11 security update

An update for libX11 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8 CVSS · 6.8 AI score · 0.001 EPSS
Exploits: 1 · References: 6

Mageia
added 2024/05/21 11:17 p.m. · 33 views

Updated python-sqlparse packages fix security vulnerability

Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError...

7.5 CVSS · 7.2 AI score · 0.10881 EPSS
Exploits: 0 · References: 3

OSV
added 2024/05/21 4:15 p.m. · 2 views

UBUNTU-CVE-2023-52735

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself. sockmap proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of...

9.1 CVSS · 6.7 AI score · 0.00028 EPSS
Exploits: 0 · References: 6

SUSE CVE
added 2024/05/21 1:59 a.m. · 1 view

SUSE CVE-2024-35886

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done. syzkaller reported infinite recursive calls of fib6_dump_done during netlink socket destruction. [1] From the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then the response wa...

5.5 CVSS · 6.1 AI score · 0.00014 EPSS
Exploits: 0 · References: 16

RedhatCVE
added 2024/05/20 12:14 p.m. · 27 views

CVE-2024-35886

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done. syzkaller reported infinite recursive calls of fib6_dump_done during netlink socket destruction. [1] From the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then the response wa...

5.5 CVSS · 6.6 AI score · 0.00014 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/05/20 12:00 a.m. · 25 views

F5 Networks BIG-IP : Python vulnerabilities (K000139698)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K000139698 advisory. - Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before...

10 CVSS · 7.6 AI score · 0.45123 EPSS
Exploits: 2 · References: 3

OSV
added 2024/05/19 9:15 a.m. · 1 view

DEBIAN-CVE-2024-35886

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done. syzkaller reported infinite recursive calls of fib6_dump_done during netlink socket destruction. [1] From the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then the response wa...

7.8 CVSS · 5.7 AI score · 0.00014 EPSS
Exploits: 0 · References: 1