
342 matches found

Tenable Nessus
added 2025/03/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-41042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow ctx->level >=...

CVSS 7.8 | AI score 6.9 | EPSS 0.00011
Exploits: 0 | References: 3
Tenable Nessus
added 2025/02/10 12:0 a.m. | 13 views

Azure Linux 3.0 Security Update: redis / valkey (CVE-2024-31228)

The version of redis / valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31228 advisory. - Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a...

CVSS 6.5 | AI score 6.9 | EPSS 0.01591
Exploits: 0 | References: 2
Positive Technologies
added 2025/01/01 12:0 a.m. | 3 views

PT-2025-51176

Name of the Vulnerable Software and Affected Versions uriparser versions through 0.9.9 Description The software is susceptible to an issue involving unbounded recursion and stack consumption. This occurs when processing large inputs containing numerous commas, specifically when using the...

CVSS 2.9 | AI score 6.4 | EPSS 0.00007
Exploits: 0 | References: 40
Github Security Blog
added 2024/10/17 5:13 p.m. | 11 views

Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder

Impact A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, QuickTimeVideo::multipleEntriesDecoder, was new in v0.28.0 see https://github.com/Exiv2/exiv2/pull/2337, so Exiv2 versions before v0.28...

CVSS 5.5 | AI score 6.5 | EPSS 0.00015
Exploits: 0 | References: 5 | Affected Software: 1
RedHat Linux
added 2024/10/10 1:43 p.m. | 3 views

protobuf: StackOverflow vulnerability in Protocol Buffers

A flaw was found in Protocol Buffers (protobuf). This issue can allow an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...

CVSS 8.7 | AI score 7.1 | EPSS 0.00134
Exploits: 0 | References: 5
RedHat Linux
added 2024/10/10 11:49 a.m. | 3 views

protobuf: StackOverflow vulnerability in Protocol Buffers

A flaw was found in Protocol Buffers (protobuf). This issue can allow an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion...

CVSS 8.7 | AI score 7.1 | EPSS 0.00134
Exploits: 0 | References: 5
SUSE Linux
added 2024/10/09 4:55 p.m. | 3 views

Security update for redis

This update for redis fixes the following issues: CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.8 | AI score 9 | EPSS 0.64123
Exploits: 1 | References: 8
RedhatCVE
added 2024/10/07 11:25 p.m. | 10 views

CVE-2024-31228

A flaw was found in Redis. This flaw allows authenticated users to trigger a denial of service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matching of extremely long patterns may...

CVSS 5.5 | AI score 5.8 | EPSS 0.01591
Exploits: 0 | References: 5
AlpineLinux
added 2024/10/07 7:51 p.m. | 12 views

CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVSS 6.5 | AI score 6.5 | EPSS 0.01591
Exploits: 0
Positive Technologies
added 2024/10/02 12:0 a.m. | 3 views

PT-2024-23868

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.2.16 Redis versions prior to 7.2.6 Redis versions prior to 7.4.1 Description: Redis, an open source, in-memory database, has a denial-of-service issue. Authenticated users can trigger this by using specially crafted,...

CVSS 9.8 | AI score 7.6 | EPSS 0.88997
Exploits: 10 | References: 203
OSV
added 2024/09/19 1:15 a.m. | 1 views

DEBIAN-CVE-2024-7254

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

CVSS 8.7 | AI score 7.1 | EPSS 0.00134
Exploits: 0 | References: 1
CNNVD
added 2024/07/29 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a hit to the stack protection page due to an unbounded recursion that could result from old loop detection...

CVSS 7.8 | AI score 6.6 | EPSS 0.00011
Exploits: 0 | References: 3
SUSE CVE
added 2024/02/14 3:56 a.m. | 1 views

SUSE CVE-2024-25112

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

CVSS 5.5 | AI score 6.5 | EPSS 0.00015
Exploits: 0 | References: 4
RedhatCVE
added 2024/02/13 6:10 p.m. | 31 views

CVE-2024-25112

A flaw was found in the Exiv2 command-line utility. The denial of service is triggered when Exiv2 is used to read the metadata of a crafted video file. An unbounded recursion can cause Exiv2 to crash by exhausting the stack...

CVSS 5.5 | AI score 6.8 | EPSS 0.00015
Exploits: 0 | References: 3
Veracode
added 2024/02/13 11:37 a.m. | 14 views

Denial Of Service (DoS)

libexiv2.so is vulnerable to Denial of Service (DoS). The vulnerability is due to the QuickTimeVideo::multipleEntriesDecode function, which triggers unbounded recursion when reading the metadata of a crafted video file, resulting in DoS...

CVSS 5.5 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 3 | Affected Software: 2
OSV
added 2024/02/12 11:15 p.m. | 2 views

AZL-42558 CVE-2024-25112 affecting package exiv2 for versions less than 0.28.3-1

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

CVSS 5 | AI score 6 | EPSS 0.00015
Exploits: 0 | References: 1
PyPA
added 2024/02/12 11:15 p.m. | 5 views

PYSEC-2024-107

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

CVSS 5.5 | AI score 6.4 | EPSS 0.00015
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/02/12 11:15 p.m. | 2 views

PYSEC-2024-107

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

CVSS 5 | AI score 5.1 | EPSS 0.00015
Exploits: 0 | References: 2
SUSE CVE
added 2023/03/28 1:53 a.m. | 3 views

SUSE CVE-2020-36691

An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference...

CVSS 5.9 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 15
RedhatCVE
added 2023/03/24 7:42 p.m. | 32 views

CVE-2020-36691

A flaw was found in lib/nlattr.c in the Linux kernel, before 5.8. This issue may allow an attacker to cause a denial of service (unbounded recursion) through a nested Netlink policy with a back reference...

CVSS 1.7 | AI score 5.4 | EPSS 0.00016
Exploits: 0 | References: 4