
1055 matches found

Snyk
added 2025/04/09 10:28 p.m. · 1 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the LoadArchiveFiles function in archive.go. An attacker can cause a stack overflow by submitting a JSON Schema with excessive nested references. Workaround: This vulnerability can be mitigated by ensuring that...

7.1 CVSS · 7.2 AI score · 0.00012 EPSS
Exploits 0 · References 2

IBM Security Bulletins
added 2025/04/04 9:20 p.m. · 16 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to uncontrolled recursion in golang (CVE-2022-30631)

Summary: Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30631. Vulnerability Details: CVEID: CVE-2022-30631 DESCRIPTION: Golang G...

7.5 CVSS · 6.9 AI score · 0.00055 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/04/04 9:18 p.m. · 7 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Uncontrolled Recursion in golang (CVE-2022-30632)

Summary: Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30632. Vulnerability Details: CVEID: CVE-2022-30632 DESCRIPTION: Golang G...

7.5 CVSS · 6.9 AI score · 0.0013 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/04/04 9:15 p.m. · 6 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Uncontrolled Recursion in Golang (CVE-2022-30635)

Summary: Golang is used by IBM Storage Fusion Data Foundation as part of the operator's intrinsic functionality. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30635. Vulnerability Details: CVEID: CVE-2022-30635 DESCRIPTION:...

7.5 CVSS · 6.9 AI score · 0.00155 EPSS
Exploits 0 · Affected Software 1

Veracode
added 2025/03/21 5:4 a.m. · 10 views

Uncontrolled Recursion

Square Wire is vulnerable to Uncontrolled Recursion. The vulnerability is due to uncontrolled recursion depth due to the lack of a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt, which can lead to excessive resource consumption or stack overflow...

5.8 CVSS · 6.6 AI score · 0.00013 EPSS
Exploits 0 · References 4 · Affected Software 1

Snyk
added 2025/03/20 12:32 p.m. · 2 views

Uncontrolled Recursion

Overview: llama-index-readers-web is a llama-index readers web integration. Affected versions of this package are vulnerable to Uncontrolled Recursion via the KnowledgeBaseWebReader class's getarticleurls function. An attacker can trigger a crash by supplying a URL to an object containing an href...

5.9 CVSS · 7 AI score · 0.00351 EPSS
Exploits 1 · References 2

OSV
added 2025/03/16 6:30 a.m. · 9 views

GHSA-PWF9-Q62P-V7WC Wire has Uncontrolled Recursion on Nested Groups

Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt...

5.8 CVSS · 5.6 AI score · 0.00013 EPSS
Exploits 0 · References 4

Snyk
added 2025/03/16 4:41 a.m. · 3 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion due to improper enforcement of recursion limits in ByteArrayProtoReader32.kt and ProtoReader.kt. An attacker can cause a denial of service by sending deeply nested group structures. Remediation: Upgrade...

6.9 CVSS · 6.8 AI score · 0.00013 EPSS
Exploits 0 · References 2

OSV
added 2025/03/07 8:2 p.m. · 1 views

GHSA-2GH3-RMM4-6RQ5 Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the message on untrusted data...

8.7 CVSS · 5.9 AI score · 0.00175 EPSS
Exploits 0 · References 5

Github Security Blog
added 2025/03/07 8:2 p.m. · 7 views

Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the message on untrusted data...

5.9 CVSS · 7.4 AI score · 0.00175 EPSS
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2025/03/07 12:0 a.m. · 3 views

PT-2025-28031 · Protobuf +1

Name of the Vulnerable Software and Affected Versions: protobuf crate for Rust versions prior to 3.7.2. Description: The issue allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group function when parsing unknown fields in untrusted input. This can occur due...

8.7 CVSS · 6.3 AI score · 0.00175 EPSS
Exploits 0 · References 21

Tenable Nessus
added 2025/03/05 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-30632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containin...

7.5 CVSS · 6.8 AI score · 0.0013 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/03/05 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2022-30633

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshallin...

7.5 CVSS · 6.7 AI score · 0.0013 EPSS
Exploits 0 · References 3

Snyk
added 2025/03/01 6:38 a.m. · 2 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion due to a missing maximum tree depth check in emitter functions. Remediation: Upgrade rapidyaml to version 0.7.0 or higher. References: GitHub Commit, GitHub PR...

6.9 CVSS · 6.8 AI score
Exploits 0 · References 3

Github Security Blog
added 2025/02/06 6:31 a.m. · 87 views

Netplex Json-smart Uncontrolled Recursion vulnerability

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...

7.5 CVSS · 7.6 AI score · 0.00058 EPSS
Exploits 0 · References 8 · Affected Software 1

Vulnrichment
added 2024/12/19 6:43 p.m. · 6 views

CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Altair is a fork of Misskey v12. In affected versions, lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...

8.6 CVSS · 7.2 AI score · 0.00225 EPSS
Exploits 0 · References 3

Cvelist
added 2024/12/19 6:43 p.m. · 17 views

CVE-2024-56200 Uncontrolled Recursion and Asymmetric Resource Consumption in Altair media/file proxy

Altair is a fork of Misskey v12. In affected versions, lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...

8.6 CVSS · 0.00225 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/12/18 7:24 p.m. · 9 views

CVE-2024-49363 Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey

Misskey is an open source, federated social media platform. In affected versions FileServerService media proxy in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed...

7.4 CVSS · 7.1 AI score · 0.00195 EPSS
Exploits 0 · References 1

Cvelist
added 2024/12/18 7:24 p.m. · 15 views

CVE-2024-49363 Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey

Misskey is an open source, federated social media platform. In affected versions FileServerService media proxy in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed...

7.4 CVSS · 0.00195 EPSS
Exploits 0 · References 1

RustSec
added 2024/12/12 12:0 p.m. · 8 views

Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the message on untrusted data...

5.9 CVSS · 7.4 AI score · 0.00175 EPSS
Exploits 0 · Affected Software 1