342 matches found
CVE-2026-33947
Vulnerability summary (CVE-2026-33947) : In jq ≤ 1.8.1, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in src/jv_aux.c perform unbounded recursion whose depth is driven by a caller-supplied path array. A crafted JSON input (flat array ~65,000 integers, ~200 KB) used as a path argumen...
PT-2026-32541
Name of the Vulnerable Software and Affected Versions jq versions 1.8.1 and earlier Description A command-line JSON processor is subject to a denial of service. The functions jv setpath, jv getpath, and delpaths sorted in src/jv aux.c use unbounded recursion where the depth is controlled by the...
CVE-2026-39376
FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...
GHSA-4GX2-PC4F-WQ37 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain
Summary When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...
FastFeedParser has an infinite redirect loop DoS via meta-refresh chain
Summary When parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An attacker-controlled server that returns an infinite chain of HTML meta-refresh response...
CVE-2026-39376
FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...
CVE-2026-39376
FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...
MGASA-2026-0087 Updated python-pyasn1 packages fix security vulnerability
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion. CVE-2026-30922...
Updated python-pyasn1 packages fix security vulnerability
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion. CVE-2026-30922...
CVE-2026-34211
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...
CVE-2026-34211 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...
SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser
Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...
GHSA-8PFC-JJGW-6G26 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser
Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...
PT-2026-30273
Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...
SUSE SLED15 / SLES15 Security Update : python-pyasn1 (SUSE-SU-2026:1158-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1158-1 advisory. - CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803. Tenable has extracted the preceding description...
SUSE: Security Advisory (SUSE-SU-2026:1158-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for python-pyasn1
This update for python-pyasn1 fixes the following issues: CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
SUSE-SU-2026:1158-1 Security update for python-pyasn1
This update for python-pyasn1 fixes the following issues: - CVE-2026-30922: Denial of Service via Unbounded Recursion bsc1259803...
openSUSE Security Advisory (SUSE-SU-2026:1075-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2026:1075-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...