CVE-2026-42445 NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

CVE-2026-42445

NanaZip 5.0.1252.0–before 6.0.1698.0 contains an uncontrolled recursion vulnerability in the UFS/UFS2 filesystem image parser. The function GetAllPaths recurses into subdirectories without a depth limit or visited-inode tracking, allowing a crafted UFS image with a very deep directory tree or an ...

EUVD-2026-29786

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

Uncontrolled Recursion

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call stack and cause the application to crash by supplying...

Uncontrolled Recursion

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call...

Uncontrolled Recursion

Overview eml-parser is a Python EML parser library Affected versions of this package are vulnerable to Uncontrolled Recursion through the getrawbodytext function. An attacker can cause the application to crash by supplying an email file with deeply nested message/rfc822 attachments, leading to...

stb-image-cwe674-poc

PoC — stbimage v2.30 GIF stbioutgifcode 무한 재귀 DoS...

Uncontrolled Recursion

@nestjs/microservices is vulnerable to Uncontrolled Recursion. The vulnerability is due to recursive processing of multiple JSON messages in a single TCP frame without proper recursion limits, which allows an attacker to trigger a stack overflow and crash the application...

CVE-2026-41673

CVE-2026-41673 affects xmldom (npm package @xmldom/xmldom/xmldom). The vulnerability arises from seven recursive traversals in lib/dom.js (including normalize, serializeToString, getElementsByTagName(s), getElementsByClassName, getElementById, cloneNode, importNode, textContent, isEqualNode) that...

ROS-20260506-73-0049

Vulnerability in python-cairosvg related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-30922

Summary IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-30922, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1 library for...

ROS-20260505-73-0015

A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260505-73-0016

A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260505-73-0018

A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20260505-73-0017

A vulnerability in the ElementDeclHandler component of the Python Programming Language Interpreter CPython is related to uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Security Bulletin: pyasn1 Uncontrolled Recursion in ASN.1 Decoding Enables Denial of Service

Summary pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested...

Astra Linux - уязвимость в curl

Curl versions 7.21.0 through 7.73.0 are vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing...

Astra Linux - уязвимость в vim

Uncontrolled recursion in the GitHub repository vim/vim before version 8.2.4975...

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to this CVE-2026-30922

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic...

Uncontrolled Recursion

Axios is vulnerable to uncontrolled recursion. The vulnerability is due to the toFormData function recursively processing deeply nested objects without a depth limit, which allows an attacker to supply specially crafted input that triggers a stack overflow and crashes the Node.js process...