
1056 matches found

OSV
added 2021/08/25 9:0 p.m., 9 views

GHSA-39VW-QP34-RMWF Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...

6.9 AI score
Exploits: 0, References: 4
Github Security Blog
added 2021/08/25 9:0 p.m., 16 views

Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...

6.7 AI score
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2021/08/25 8:44 p.m., 27 views

Uncontrolled recursion in ammonia

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...

7.5 CVSS, 2.7 AI score, 0.00366 EPSS
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2021/08/25 8:43 p.m., 24 views

Uncontrolled recursion in rust-yaml

Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth...

7.5 CVSS, 7.2 AI score, 0.00361 EPSS
Exploits: 0, References: 5, Affected Software: 1
Prion
added 2021/07/26 12:15 p.m., 28 views

Design/Logic Flaw

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...

4 CVSS, 6.4 AI score, 0.00211 EPSS
Exploits: 0, References: 3, Affected Software: 2
OSV
added 2021/07/26 12:15 p.m., 0 views

UBUNTU-CVE-2021-22144

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...

6.5 CVSS, 7.4 AI score, 0.00211 EPSS
Exploits: 0, References: 2
CVE
added 2021/07/26 11:48 a.m., 167 views

CVE-2021-22144

CVE-2021-22144 affects Elasticsearch Grok parser. The vulnerability is an uncontrolled recursion that enables a DoS via specially crafted Grok queries submitted by an authenticated user, potentially crashing the node. Affected versions are Elasticsearch before 7.13.3 and 6.8.17. Public references...

6.5 CVSS, 6.3 AI score, 0.00211 EPSS
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2021/07/09 12:15 p.m., 12 views

CVE-2021-36154

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption...

7.5 CVSS, 0.00846 EPSS
Exploits: 0, References: 3
OSV
added 2021/07/09 12:15 p.m., 11 views

CVE-2021-36154

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption...

7.5 CVSS, 6.9 AI score
Exploits: 0, References: 3
CVE
added 2021/07/09 11:2 a.m., 43 views

CVE-2021-36154

CVE-2021-36154 affects gRPC Swift up to version 1.1.1, where HTTP2ToRawGRPCServerCodec can mishandle multiple small messages in a single HTTP/2 frame, causing uncontrolled recursion and denial of service. Public advisories (GHSA-4RHQ-VQ24-88GW and OSV/Red Hat entries) confirm the issue and state ...

7.5 CVSS, 7.4 AI score, 0.00846 EPSS
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2021/07/02 12:0 a.m., 30 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libproxy (EulerOS-SA-2021-2073)

According to the version of the libproxy package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion...

7.5 CVSS, 7.2 AI score, 0.00449 EPSS
Exploits: 1, References: 2
Mageia
added 2021/06/29 5:31 p.m., 19 views

Updated re2c package fixes a security vulnerability

re2c before 2.0 has uncontrolled recursion that causes stack consumption in findfixedtags (CVE-2018-21232)...

5.5 CVSS, 4.9 AI score, 0.00101 EPSS
Exploits: 1, References: 2
CNVD
added 2021/05/27 12:0 a.m., 6 views

Unspecified vulnerability in PoDoFo (CNVD-2021-43538)

PoDoFo is a free, portable and easy to use PDF parsing, modification and creation library. An uncontrolled recursive call vulnerability exists in the PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant and PdfTokenizer::ReadDataType functions in PoDoFo version 0.9.7. An attacker could exploit...

5.5 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits: 1, References: 1
OSV
added 2021/05/26 10:15 p.m., 1 views

DEBIAN-CVE-2021-30471

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow...

5.5 CVSS, 6.7 AI score, 0.00108 EPSS
Exploits: 1, References: 1
CNNVD
added 2021/05/26 12:0 a.m., 0 views

Sourceforge PoDoFo Security Vulnerability

PoDoFo is a free, portable and easy to use PDF parsing, modification and creation library. An uncontrolled recursive call vulnerability exists in the PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant and PdfTokenizer::ReadDataType functions in PoDoFo version 0.9.7. An attacker could exploit...

5.5 CVSS, 5.7 AI score, 0.00108 EPSS
Exploits: 1, References: 2
NVD
added 2021/05/20 4:15 p.m., 10 views

CVE-2021-27432

OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow...

7.5 CVSS, 0.00222 EPSS
Exploits: 0, References: 1
Prion
added 2021/05/20 4:15 p.m., 14 views

Stack overflow

OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow...

5 CVSS, 7.4 AI score, 0.00222 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2021/05/20 3:20 p.m., 63 views

CVE-2021-27432

OPC Foundation UA .NET Standard and OPC UA .NET Legacy are affected by CVE-2021-27432 due to an uncontrolled recursion that can trigger a stack overflow. Affected products are OPC UA .NET Standard prior to 1.4.365.48 and OPC UA .NET Legacy. The vulnerability enables remote exploitation (network v...

7.5 CVSS, 7.4 AI score, 0.00222 EPSS
Exploits: 0, References: 1, Affected Software: 2
CNVD
added 2021/05/14 12:0 a.m., 13 views

Unspecified Vulnerability in Siemens SIMATIC OPC UA

The Siemens SIMATIC CP443-1 OPC UA9 is a communication processor from Siemens, Germany. A security vulnerability exists in OPC UA. The vulnerability stems from the program's susceptibility to uncontrolled recursion, which can be exploited by an attacker to trigger a stack overflow...

7.5 CVSS, 6.6 AI score, 0.00222 EPSS
Exploits: 0, References: 1
ICS
added 2021/05/13 12:0 a.m., 35 views

OPC Foundation UA Products Built with .NET Framework

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPC Foundation Equipment: OPC UA Servers Vulnerability: Uncontrolled Recursion 2. RISK EVALUATION Successful exploitation of this vulnerability could trigger a stack overflow. 3. TECHNICAL DETAILS 3.1...

7.5 CVSS, 7.7 AI score, 0.00222 EPSS
Exploits: 0, References: 5