Uncontrolled Recursion

Overview std/go/parser is a Go standard library package std/go/parser Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack...

libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion

A flaw was found in libproxy in versions 0.4 through 0.4.15. A remote HTTP server can trigger an uncontrolled recursion via a response composed of an infinite stream that lacks a newline character leading to a stack exhaustion. The highest threat from this vulnerability is to system availability...

Uncontrolled Recursion

TensorFlow is vulnerable to an Uncontrolled Recursion vulnerability. The vulnerability is due to the failure to check for loops between nodes in TFLite graphs, allowing an attacker to craft models that could cause infinite loops or stack overflow during evaluation...

Uncontrolled Recursion

@apollo/gateway and @apollo/query-planner are vulnerable to Uncontrolled Recursion. The vulnerability is due to the query planner potentially entering an infinite loop when processing sufficiently complex queries, leading to unbounded memory consumption and possible system crashes...

Uncontrolled Recursion

matrix-js-sdk is vulnerable to Uncontrolled Recursion. The vulnerability is caused due to an infinite recursion in getRoomUpgradeHistory function causing the code to hang. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle and also by calling...

ROS-20240812-09

A vulnerability in the HttpStateData function of the Chunked decoder of the Squid proxy server is related to a buffer overflow on the stack as a result of uncontrolled recursion while processing HTTP messages. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows attackers to circumvent existing security restrictions.

The vulnerability of the Secure Boot protocol for loading operating systems on Windows is related to uncontrolled recursion. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

PT-2024-4745 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an uncontrolled recursion in the implementation of the Secure Boot protocol in Windows operating systems. This could allow an attacker to bypass existing security...

RHEL 9 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags...

RHEL 9 : butane (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 - Uncontrolled recursio...

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

ROS-20240514-04

A vulnerability in the Netty networking software is associated with the occurrence of an interpretation conflict. Exploitation of the vulnerability could allow an attacker acting remotely to disclose and modify protected information A vulnerability in the Netty networking software is related to...

Uncontrolled Recursion

Exiv2 is vulnerable to an Uncontrolled Recursion. The vulnerability is due to faulty handling of directory offsets in bigtiffimage.cpp, allowing an infinite loop through recursive function calls when processing specially crafted TIFF files...

The vulnerability of Xenstore information storage in Xen hypervisors allows a attacker to cause a service failure.

The vulnerability of Xenstore information storage in the Xen hypervisor relates to an uncontrolled recursion. Exploiting this vulnerability could allow an attacker to cause a service failure...

RHEL 7 : jettison (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jettison: Uncontrolled Recursion in JSONArray CVE-2023-1436 - Those using Jettison to parse untrusted XML...

RHEL 6 : poppler (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - poppler: heap-based buffer over-read in function downsamplerowboxfilter in CairoRescaleBox.cc CVE-2019-96...

PT-2024-6208 · Unknown +2 · Hdf5 Library +2

Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to the function H5E printf stack in the file H5Eint.c of the HDF5 Library, which is associated with uncontrolled recursion. This can lead to stack consumption. Exploitati...

json-path: stack-based buffer overflow in Criteria.parse method

A stack overflow vulnerability was found in the Criteria.parse method in json-path. This issue occurs due to an uncontrolled recursion caused by specially crafted input, leading to a stack overflow. This vulnerability has the potential to trigger a crash, resulting in a denial of service...

RHEL 9 : runc (RHSA-2024:2180)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2180 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2023:3622)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3622 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...