5279 matches found
Security Bulletin: IBM Storage Fusion may be vulnerable to Denial of Service via use of golang.org/x/net, x/crypto, and x/text (CVE-2022-30633, CVE-2022-27664, CVE-2022-28131, CVE-2022-41721, CVE-2021-43565, CVE-2022-27191, CVE-2022-32149)
Summary: Golang's x/net, x/crypto and x/text are used by IBM Storage Fusion for networking, cryptography and internationalization. Vulnerabilities in these libraries include Inconsistent Interpretation of HTTP Requests, Uncontrolled Recursion, and Missing Release of Resource that could lead to a...
A vulnerability in the Catalog::findDestInTree() function of the PDF viewing software Xpdf allows a hacker to cause a service failure.
The vulnerability of the Catalog::findDestInTree function in PDF viewing software called Xpdf is related to an uncontrolled recursion. Exploiting this vulnerability allows attackers to cause service failures...
Medium: re2c
Issue Overview: A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc (CVE-2022-23901). Affected Packages: re2c. Note: This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
The vulnerability of the libiberty/cp-demangle.c component of the GNU Binutils development environment, related to an uncontrolled recursion, allows an attacker to cause a service failure.
The vulnerability of the libiberty/cp-demangle.c component of the GNU Binutils development environment is related to an uncontrolled recursion. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
Medium: re2c
Issue Overview: A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc (CVE-2022-23901). Affected Packages: re2c. Issue Correction: Run `dnf update re2c --releasever 2023.2.20231113` or `dnf update --advisory ALAS2023-2023-438 --releasever 2023.2.20231113` to update yo...
The vulnerability of the `find_abstract_instance` function in the `bfd/dwarf2.c` component of the GNU Binutils development environment allows an attacker to cause a service failure.
The vulnerability of the `find_abstract_instance` function in the `bfd/dwarf2.c` component of the GNU Binutils development environment is related to an uncontrolled recursion. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created ELF file...
The vulnerability in the cr_parser_parse_any_core function in cr-parser.c of Libcroco, the library for working with CSS2 cascading style sheets, allows an attacker to compromise the integrity of data and also cause service failures.
The vulnerability of the cr_parser_parse_any_core function in cr-parser.c of Libcroco, the library for working with CSS2 cascading style sheets, is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to compromise data integrity and cause service...
The vulnerability of the OpenImageIO image processing library, related to uncontrolled recursion, allows a hacker to cause a service failure.
The vulnerability of the OpenImageIO image processing library is related to uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service interruptions through the use of a specially created image file...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3164)
The remote host is missing an update for the Huawei EulerOS...
kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself. sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of...
Rocky Linux 9 : pcre2 (RLSA-2022:5251)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5251 advisory. - An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This...
Rocky Linux 8 : libcroco (RLSA-2020:3654)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:3654 advisory. - libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. (CVE-2020-12825) Note that Nessus has not...
SUSE SLES12 Security Update : poppler (SUSE-SU-2023:4362-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4362-1 advisory. - CCITTFaxStream::readRow in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service heap-based buffer over-rea...
SUSE CVE-2023-31794
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file...
DEBIAN-CVE-2023-31794
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file...
CVE-2023-31794
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file...
Design/Logic Flaw
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file...
UBUNTU-CVE-2023-31794
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file...