CVE-2022-23500 TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page...
Loofah gem for Ruby security vulnerability
The Loofah gem for Ruby is a Ruby-based library for processing and converting HTML/XML documents. A security vulnerability exists in Loofah gem for Ruby versions 2.19.1 through 2.2.0, which stems from the use of recursion to clean up the CDATA section, making it susceptible to stack exhaustion an...
GHSA-VR8J-HGMM-JH9R Denial of service by double-checked locking in openssl-src
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled o...
GHSA-3X8R-X6XP-Q4VM Uncontrolled Recursion in Loofah
Summary Loofah >= 2.2.0, < 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized. Severity The Loofah maintainers have evaluated this as High Severity (7.5 CVSS 3.1). References - CWE - CWE-674: Uncontrolled Recursi...
Uncontrolled Recursion
Overview loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Uncontrolled Recursion when it uses recursion for sanitizing CDATA sections, making it susceptible to stack...
Denial Of Service (DoS)
netty-codec-haproxy is vulnerable to Denial Of Service (DoS). The vulnerability is due to a StackOverflowError in HAProxyMessage.java, as it does not properly limit the maximum nesting of TLVs, allowing an attacker to cause an application crash via infinite recursion by passing a maliciously...
GHSA-FX2C-96VJ-985V HAProxyMessageDecoder Stack Exhaustion DoS
Impact A StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. Patches Users should upgrade to 4.1.86.Final. Workarounds There is no workaround, except using a custom HAProxyMessageDecoder. References When parsing a TLV with type = PP2_TYPE_SSL, the...
CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...
Design/Logic Flaw
Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except...
CVE-2022-41881
Netty CVE-2022-41881 concerns a StackOverflowError when parsing malformed crafted messages due to infinite recursion in the HAProxyMessageDecoder. The issue affects Netty versions before 4.1.86.Final and can lead to denial of service through resource exhaustion. The vulnerability is fixed in 4.1....
GSD-2022-1007973 arm64: entry: avoid kprobe recursion
arm64: entry: avoid kprobe recursion This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.78 by commit 71d6c33fe223255f4416a01514da2c0bc3e283e7...
PT-2022-36076 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue is related to avoiding kprobe recursion in the arm64 entry of the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
CVE-2022-46405
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...
Code injection
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated message...