Important: squid
Issue Overview: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remot...
Security Bulletin: IBM Storage Ceph is vulnerable to uncontrolled recursion in Golang (CVE-2022-30631)
Summary: Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-30631. Vulnerability Details: CVEID: CVE-2022-30631. DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in Reader.Read in compress/gzip due to stack...
SUSE SLES12 Security Update : squid (SUSE-SU-2024:0296-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0296-1 advisory. - Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1...
Debian dla-3726 : bind9 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3726 advisory. Debian LTS Advisory DLA-3726-1 [email protected] https://www.debian.org/lts/security/...
oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c...
squid: denial of service in HTTP request parsing
A flaw was found in Squid, which is susceptible to a Denial of Service (DoS) due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the...
Stack overflow during recursive JSON parsing
When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth...
RUSTSEC-2024-0012 Stack overflow during recursive JSON parsing
When parsing untrusted, deeply nested JSON, the stack may overflow, possibly enabling a Denial of Service attack. This was fixed by adding a check for recursion depth...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Squid vulnerabilities (USN-6594-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6594-1 advisory. Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this...
Uncontrolled Recursion in SurrealQL Parsing
In some specific instances, the SurrealQL parser will attempt to recursively parse nested statements or idioms (i.e. nested IF and RELATE statements, nested basic idioms and nested access to attributes) without checking if the depth limit established by default or in the SURREAL_MAX_COMPUTATION_DEPTH...
EulerOS 2.0 SP9 : bind (EulerOS-SA-2023-3291)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only...
EulerOS 2.0 SP10 : bind (EulerOS-SA-2023-3199)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only...
Denial Of Service
squid:buster is vulnerable to Denial Of Service. The vulnerability is due to an Uncontrolled Recursion bug triggered by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. It allows a remote attacker to perform a Denial of Service attack...
Uncontrolled Recursion (Denial Of Service)
Zigbee TLV in Wireshark 4.2.0 is vulnerable to Uncontrolled Recursion. The vulnerability is due to packet injection or crafted capture file resulting in denial of service...
Uncontrolled Recursion (Denial Of Service)
DOCSIS in Wireshark 4.2.0 is vulnerable to Uncontrolled Recursion. The vulnerability is due to packet injection or crafted capture file resulting in denial of service...
Uncontrolled Recursion (Denial Of Service)
GVCP in Wireshark 4.2.0 is vulnerable to Uncontrolled Recursion. The vulnerability is due to packet injection or crafted capture file resulting in denial of service...
Uncontrolled Recursion (Denial Of Service)
GVCP in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 is vulnerable to Uncontrolled Recursion. The vulnerability is due to packet injection or crafted capture file resulting in denial of service...
CLSA-2024-1705077885 Fix of 8 CVEs
SECURITY UPDATE: use-after-free in winclose - debian/patches/CVE-2023-48231.patch: check window is valid, before accessing it - CVE-2023-48231 SECURITY UPDATE: overflow with count for :s command - debian/patches/CVE-2023-48233.patch: abort the :s command if the count is too large - CVE-2023-48233...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : Go vulnerabilities (USN-6038-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6038-2 advisory. USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and G...