5224 matches found
CVE-2020-26883
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents...
CVE-2020-26883
Play Framework versions 2.6.0–2.8.2 contain a vulnerability caused by unbounded recursion during JSON parsing (notably in fromJson in form.scala per Veracode). This can lead to stack depletion/DoS via crafted JSON sent over the network. Affected components: Play Framework JSON parsing pathway; ro...
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
ALPINE-CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
DEBIAN-CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
UBUNTU-CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
Code injection
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
CVE-2020-28196
CVE-2020-28196 affects MIT Kerberos 5 (krb5) prior to 1.17.2 and 1.18.x prior to 1.18.3. The vulnerability stems from unbounded recursion in the ASN.1 BER decoder (lib/krb5/asn.1/asn1_encode.c) due to no recursion limit for indefinite lengths. This can lead to denial of service due to resource ex...
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
PT-2020-6887
Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions 1.17.2 and earlier, 1.18.x versions prior to 1.18.3 MySQL Server version 8.0.23 and earlier Description The issue is related to unbounded recursion via an ASN.1-encoded Kerberos message due to the lack of a recursion...
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-2447)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the smb_fdata() function in the tcpdump utility for intercepting and analyzing network traffic allows a hacker to induce a service failure.
The vulnerability of the smbfdata function smbutil.c in the tool for capturing and analyzing network traffic, tcpdump, is caused by an uncontrolled recursion. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
tcpdump: Resource exhaustion in smb_fdata() funtion in smbutil.c
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smbfdata via recursion...
tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c
An uncontrolled resource consumption flaw was discovered in the way tcpdump prints BGP packets. The BGP protocol allows ATTRSET to be nested as many times as the message can accommodate, however when a specially crafted packet is crafted and parsed by tcpdump, this may lead to stack exhaustion du...
Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2020-2360)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...