CVE-2025-23325

CVE-2025-23325 affects NVIDIA Triton Inference Server for Windows and Linux. The vulnerability is an attacker-caused uncontrolled recursion via crafted input, with a stated potential impact of denial of service. The entry lists a CVSS v3.1 base score of 7.5 (High) with network attack vector and n...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the pdfseparate process. An attacker can cause the application to enter an infinite recursion by supplying a specially crafted PDF file, resulting in resource exhaustion and service disruption. Remediation...

Uncontrolled Recursion

Overview PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF and other documents. Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a crafted PDF file containing cyclic /Next references in the...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a crafted PDF file containing cyclic /Next references in the outline structure via the stripoutline function. An attacker can cause the application to enter an infinite recursion and crash by...

Uncontrolled Recursion

Overview mupdf is a MuPDF.js Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a crafted PDF file containing cyclic /Next references in the outline structure via the stripoutline function. An attacker can cause the application to enter an infinite recursio...

Uncontrolled Recursion

Overview PyMuPDFPro is a Commercial extensions for PyMuPDF; enables Office document handling, including doc, docx, hwp, hwpx, ppt, pptx, xls, xls, and others. Supports text and table extraction, document conversion and more. Affected versions of this package are vulnerable to Uncontrolled Recursi...

PT-2025-32164 · Nvidia · Nvidia Triton Inference Server

Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server for Windows and Linux affected versions not specified Description: The NVIDIA Triton Inference Server contains a flaw that allows an attacker to trigger uncontrolled recursion with a crafted input. Successful...

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2025-1092)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1092 advisory. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Tenabl...

com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

A denial of service flaw has been discovered in Connect2id Nimbus JOSE + JWT. This issue can allow a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set...

Amazon Linux 2 : rust (ALAS-2025-2933)

The version of rust installed on the remote host is prior to 1.86.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2933 advisory. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup...

Security Bulletin: IBM Sterling Connect:Direct Web Services uses commons-lang3 and is vulnerable to CVE-2025-48924

Summary IBM Sterling Connect:Direct Web Services is vulnerable to uncontrolled recursion vulnerability in Apache Commons Lang. This has been addressed in new build available from IBM Repository. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...

Denial Of Service (DoS)

com.nimbusds:nimbus-jose-jwt is vulnerable to Denial Of Service DoS. The vulnerability is due to uncontrolled recursion due to lack of validation on JSON object nesting depth in JWT claim sets, allowing remote attackers to exhaust system resources with deeply nested structures...

SUSE CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation There is no fixed version for commons-lang:commons-lang...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the ClassUtils.getClass function. An attacker can cause the application to terminate unexpectedly by providing excessively long input values. Remediation Upgrade org.apache.commons:commons-lang3 to version...

Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

GHSA-J288-Q9X7-2F5V Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

AZL-65181 CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

AZL-65144 CVE-2025-48924 affecting package apache-commons-lang3 for versions less than 3.8.1-6

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...

CVE-2025-48924 Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very long input...