openSUSE Security Update : xen (openSUSE-2017-1022)

This update for xen to version 4.7.3 fixes several issues. These security issues were fixed : - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137:...

Security update for xen (important)

This update for xen to version 4.7.3 fixes several issues. These security issues were fixed: - CVE-2017-12135: Unbounded recursion in grant table code allowed a malicious guest to crash the host or potentially escalate privileges/leak information XSA-226, bsc1051787. - CVE-2017-12137:...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

Code injection

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

DEBIAN-CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

UBUNTU-CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

CVE-2017-13756

In The Sleuth Kit TSK 4.4.2, opening a crafted disk image triggers infinite recursion in dosloadexttable in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls...

CVE-2017-13756

The Sleuth Kit (TSK) 4.4.2 contains CVE-2017-13756, where opening a crafted disk image triggers infinite recursion in dos_load_ext_table() (tsk/vs/dos.c) inside libtskvs.a, potentially causing a crash. Public notices across distributions report fixes: Debian’s sleuthkit package update (e.g., 4.4....

PT-2017-13078 · Tsk +1 · The Sleuth Kit +1

Name of the Vulnerable Software and Affected Versions: The Sleuth Kit TSK version 4.4.2 Description: The issue is triggered by opening a crafted disk image, leading to infinite recursion in the dos load ext table function in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. Recommendations: Fo...

UBUNTU-CVE-2017-12595

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service stack consumption and segmentation fault or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash ...

bind: Too long query name causes segmentation fault in lwresd

It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or...

thrift: Infinite recursion via vectors involving the skip function

A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service DoS condition...

Qemu: usb: xhci infinite recursive call via xhci_kick_ep

QEMU aka Quick Emulator, when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service infinite recursive call via vectors involving control transfer descriptors sequencing...

CVE-2016-6312

The moddontdothat component of the moddavsvn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service memory...

PT-2017-8960 · Apache +1 · Subversion +3

Name of the Vulnerable Software and Affected Versions: Subversion as packaged in Red Hat Enterprise Linux 5.11 Description: The issue allows remote authenticated users with access to the webdav repository to cause a denial of service, resulting in memory consumption and httpd crash, due to improp...

CVE-2017-11164

In PCRE 8.41, the OPKETRMAX feature in the match function in pcreexec.c allows stack exhaustion uncontrolled recursion when processing a crafted regular expression...

CVE-2017-11164

In PCRE 8.41, the OPKETRMAX feature in the match function in pcreexec.c allows stack exhaustion uncontrolled recursion when processing a crafted regular expression...