5149 matches found
NPM: Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
NPM: Axios: unbounded recursion in toFormData causes DoS via deeply nested request data vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...
Axios: unbounded recursion in toFormData causes DoS via deeply nested request data
Summary toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. Details lib/helpers/toFormData.js:210 defines an inner buildvalue, path that recurses into every object/array child line 225:...
CVE-2026-44028
CVE-2026-44028 affects Nix and Lix: unbounded recursion in the NAR (Nix Archive) parser can cause a stack-to-heap overflow when parsing on a coroutine stack. The stack lacks a guard page, enabling a stack overflow to overwrite heap memory and potentially execute arbitrary code as the Nix daemon (...
ROS-20260505-73-0019
A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0015
A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
PT-2026-36940
Name of the Vulnerable Software and Affected Versions Nix versions 2.24.4 through 2.34.6 Lix versions 2.93.0 through 2.95.1 Description Unbounded recursion in the NAR Nix Archive parser can lead to a stack-to-heap overflow when the parser operates on a coroutine stack. Because the stack is...
ROS-20260505-73-0016
A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0017
A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0018
A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Security Bulletin: IBM Edge Data Collector uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922.
Summary IBM Edge Data Collector uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyas...
pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...
pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...
Security Bulletin: pyasn1 Uncontrolled Recursion in ASN.1 Decoding Enables Denial of Service
Summary pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...
Astra Linux - уязвимость в libpodofo
A flaw was discovered in PoDoFo 0.9.7. An uncontrolled recursive call within the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow issue...
Astra Linux - уязвимость в curl
Curl versions 7.21.0 through 7.73.0 are vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing...
Astra Linux - уязвимость в linux
A issue was discovered in the Linux kernel before version 5.8. The lib/nlattr.c file allows attackers to cause a denial of service unbounded recursion through a nested Netlink policy with a back reference...