PT-2024-21907 · Orjson · Orjson

Name of the Vulnerable Software and Affected Versions: orjson versions prior to 3.9.15 Description: The issue is related to the orjson.loads function in orjson, which does not limit recursion for deeply nested JSON documents. This can lead to potential exploitation. Recommendations: For versions...

CVE-2024-1151

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result,...

SUSE CVE-2024-25112

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

CVE-2024-25112

A flaw was found in the Exiv2 command-line utility. The denial of service is triggered when Exiv2 is used to read the metadata of a crafted video file. An unbounded recursion can cause Exiv2 to crash by exhausting the stack...

Denial Of Service (DoS)

ibexiv2.so is vulnerable to Denial of Service DoS. The vulnerability is due to the QuickTimeVideo::multipleEntriesDecode function, which triggers unbounded recursion when reading the metadata of a crafted video file, resulting in DoS...

AZL-42558 CVE-2024-25112 affecting package exiv2 for versions less than 0.28.3-1

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

PYSEC-2024-107

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

PYSEC-2024-107

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

Stack overflow

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

CVE-2024-25112

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

squid: denial of service in HTTP request parsing

A flaw was found in Squid, which is susceptible to a Denial of Service DoS due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the...

squid: denial of service in HTTP request parsing

A flaw was found in Squid, which is susceptible to a Denial of Service DoS due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the...

RHEL 8 : squid:4 (RHSA-2024:0772)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0772 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: DoS against...

serde-json-wasm stack overflow during recursive JSON parsing

When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth...

Slackware Linux 15.0 / current xpdf Multiple Vulnerabilities (SSA:2024-040-01)

The version of xpdf installed on the remote host is prior to 4.05. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-040-01 advisory. - XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service stack consumption via a crafted pdf...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1132)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : bind (EulerOS-SA-2024-1132)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only...

Security Bulletin: IBM Asset Data Dictionary Component uses json-path-2.6.0.jar which is vulnerable to CVE-2023-51074.

Summary IBM Asset Data Dictionary Component uses json-path-2.6.0.jar which is vulnerable to CVE-2023-51074. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, cause...

Denial Of Service (DoS)

graphql-go is vulnerable to Uncontrolled Recursion. The vulnerability is caused due to improper malformed input checks within parser.go, which results in Denial Of ServiceDoS...