
5279 matches found

OSV
added 2024/03/06 11:2 a.m. | 21 views

BIT-GOLANG-2022-1962 Stack exhaustion due to deeply nested types in go/parser

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations...

CVSS 5.5 | AI score 6.6 | EPSS 0.00005
Exploits: 1 | References: 6

OSV
added 2024/03/06 11:1 a.m. | 23 views

BIT-GOLANG-2022-28131 Stack exhaustion from deeply nested XML documents in encoding/xml

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document...

CVSS 7.5 | AI score 7.4 | EPSS 0.00026
Exploits: 0 | References: 6

OSV
added 2024/03/06 11:0 a.m. | 13 views

BIT-GOLANG-2022-30630 Stack exhaustion in Glob on certain paths in io/fs

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators...

CVSS 7.5 | AI score 7.7 | EPSS 0.00052
Exploits: 0 | References: 6

OSV
added 2024/03/06 11:0 a.m. | 34 views

BIT-GOLANG-2022-30631 Stack exhaustion when reading certain archives in compress/gzip

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files...

CVSS 7.5 | AI score 7.8 | EPSS 0.00055
Exploits: 0 | References: 6

OSV
added 2024/03/06 10:59 a.m. | 22 views

BIT-GOLANG-2022-30632 Stack exhaustion on crafted paths in path/filepath

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators...

CVSS 7.5 | AI score 7.7 | EPSS 0.0013
Exploits: 0 | References: 6

OSV
added 2024/03/06 10:59 a.m. | 24 views

BIT-GOLANG-2022-30633 Stack exhaustion when unmarshaling certain documents in encoding/xml

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag...

CVSS 7.5 | AI score 7.7 | EPSS 0.0013
Exploits: 0 | References: 6

OSV
added 2024/03/06 10:59 a.m. | 20 views

BIT-GOLANG-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

CVSS 7.5 | AI score 7.7 | EPSS 0.00155
Exploits: 0 | References: 6

OSV
added 2024/03/06 10:57 a.m. | 12 views

BIT-MASTODON-2022-46405

Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...

CVSS 7.5 | AI score 7.4 | EPSS 0.00785
Exploits: 1 | References: 3

OSV
added 2024/03/06 10:55 a.m. | 22 views

BIT-ENVOY-2022-23606 Crash when a cluster is deleted in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS), all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of disconnecting idle...

CVSS 6.5 | AI score 5.4 | EPSS 0.00099
Exploits: 0 | References: 3

CNNVD
added 2024/03/06 12:0 a.m. | 2 views

Squid security vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A denial of service vulnerability exists in Squid that stems from the presence of a recursion error, which can be...

CVSS 8.6 | AI score 6.6 | EPSS 0.03932
Exploits: 0 | References: 4

RedHat Linux
added 2024/03/05 8:20 a.m. | 8 views

squid: denial of service in HTTP request parsing

A flaw was found in Squid, which is susceptible to a Denial of Service (DoS) due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the...

CVSS 8.6 | AI score 5.8 | EPSS 0.01147
Exploits: 0 | References: 7

Tenable Nessus
added 2024/03/05 12:0 a.m. | 38 views

RHEL 9 : squid (RHSA-2024:1085)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1085 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: denial of...

CVSS 8.6 | AI score 7.7 | EPSS 0.01147
Exploits: 0 | References: 4

Tenable Nessus
added 2024/03/05 12:0 a.m. | 33 views

RHEL 9 : squid (RHSA-2024:1153)

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1153 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP and HTTP data objects. Security Fixes: squid: DoS against...

CVSS 9.8 | AI score 8.1 | EPSS 0.19868
Exploits: 1 | References: 15

OpenVAS
added 2024/03/04 12:0 a.m. | 11 views

openSUSE: Security Advisory for re2c (SUSE-SU-2023:3353-1)

The remote host is missing an update for the...

CVSS 5.5 | AI score 5.5 | EPSS 0.00101
Exploits: 1 | References: 2

OpenVAS
added 2024/03/04 12:0 a.m. | 30 views

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2023:0147-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.4 | EPSS 0.02831
Exploits: 3 | References: 2

SUSE CVE
added 2024/02/29 3:56 a.m. | 3 views

SUSE CVE-2021-46939

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block. It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted fro...

CVSS 5.5 | AI score 8 | EPSS 0.00011
Exploits: 0 | References: 11

RedhatCVE
added 2024/02/28 8:3 a.m. | 29 views

CVE-2021-46939

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block. It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted fro...

CVSS 5.5 | AI score 7 | EPSS 0.00011
Exploits: 0 | References: 4

ATTACKERKB
added 2024/02/27 7:4 p.m. | 1 views

CVE-2021-46939

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block. It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted fro...

CVSS 5.5 | AI score 6.5 | EPSS 0.00011
Exploits: 0 | References: 10 | Affected Software: 1

NVD
added 2024/02/27 7:4 p.m. | 22 views

CVE-2021-46939

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block. It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted fro...

CVSS 5.5 | AI score 6.5 | EPSS 0.00011
Exploits: 0 | References: 9

UbuntuCve
added 2024/02/27 7:4 p.m. | 24 views

CVE-2021-46939

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block. It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted fro...

CVSS 5.5 | AI score 6.5 | EPSS 0.00011
Exploits: 0 | References: 12