CVE-2026-40879 Nest: DoS via Recursive handleData in JsonSocket (TCP Transport)

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. ...

CVE-2026-40879

Summary: Nest (Node.js) suffers a DoS via recursive handling of JSON frames over TCP. Before 11.1.19, handleData() recursed for each valid JSON message in a single frame, causing call stack growth and eventual RangeError when a ~47 KB payload is sent. This is fixed in 11.1.19. What’s affected: Th...

GHSA-HPWF-8G29-85QM Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport)

Impact Attacker sends many small, valid JSON messages in one TCP frame → handleData recurses once per message; buffer shrinks each call → maxBufferSize is never reached; call stack overflows instead → A 47 KB payload is sufficient to trigger RangeError Patches Fixed in @nestjs/[email protected]....

Nest Affected by DoS via Recursive handleData in JsonSocket (TCP Transport)

Impact Attacker sends many small, valid JSON messages in one TCP frame → handleData recurses once per message; buffer shrinks each call → maxBufferSize is never reached; call stack overflows instead → A 47 KB payload is sufficient to trigger RangeError Patches Fixed in @nestjs/[email protected]....

DEBIAN-CVE-2019-6292

An issue was discovered in singledocparser.cpp in yaml-cpp aka LibYaml-C++ 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote...

UBUNTU-CVE-2018-7337

In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs...