
1134 matches found

SUSE CVE
added 2023/02/15 4:14 a.m. | 4 views

SUSE CVE-2019-9192

In the GNU C Library aka glibc or libc6 through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '|\1\1' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs...

CVSS 7.5 | AI score 7.8 | EPSS 0.02447 | Exploits 1 | References 3

SUSE CVE
added 2023/02/15 4:9 a.m. | 2 views

SUSE CVE-2019-15144

In DjVuLibre 3.5.27, the sorting functionality aka GArrayTemplate::sort allows attackers to cause a denial-of-service application crash due to an Uncontrolled Recursion by crafting a PBM image file that is mishandled in libdjvu/GContainer.h...

CVSS 5.5 | AI score 6.9 | EPSS 0.01774 | Exploits 1 | References 7

SUSE CVE
added 2023/02/15 4:8 a.m. | 3 views

SUSE CVE-2019-15542

An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...

CVSS 7.5 | AI score 7.5 | EPSS 0.01411 | Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:6 a.m. | 2 views

SUSE CVE-2019-18797

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp...

CVSS 6.5 | AI score 8 | EPSS 0.01512 | Exploits 1 | References 3

SUSE CVE
added 2023/02/15 3:46 a.m. | 3 views

SUSE CVE-2021-22144

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...

CVSS 6.5 | AI score 9.1 | EPSS 0.0166 | Exploits 0 | References 3

SUSE CVE
added 2023/02/15 3:38 a.m. | 1 view

SUSE CVE-2021-39929

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file...

CVSS 4.3 | AI score 7.7 | EPSS 0.03643 | Exploits 1 | References 5

SUSE CVE
added 2023/02/15 3:33 a.m. | 3 views

SUSE CVE-2022-1771

Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975...

CVSS 3.3 | AI score 9.4 | EPSS 0.01159 | Exploits 1 | References 17

SUSE CVE
added 2023/02/15 3:25 a.m. | 6 views

SUSE CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

CVSS 5.5 | AI score 7.8 | EPSS 0.01403 | Exploits 0 | References 8

Tenable Nessus
added 2023/02/06 12:0 a.m. | 50 views

Rocky Linux 9 : go-toolset and golang (RLSA-2022:5799)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5799 advisory. - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function cou...

CVSS 7.5 | AI score 7.3 | EPSS 0.05292 | Exploits 6 | References 24

Tenable Nessus
added 2023/01/25 12:0 a.m. | 15 views

FreeBSD : re2c -- uncontrolled recursion (b0e1fa2b-9c86-11ed-9296-002b67dfc673)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b0e1fa2b-9c86-11ed-9296-002b67dfc673 advisory. - re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags...

CVSS 5.5 | AI score 5.7 | EPSS 0.01432 | Exploits 1 | References 3

Tenable Nessus
added 2022/12/27 12:0 a.m. | 48 views

EulerOS Virtualization 2.10.0 : vim (EulerOS-SA-2022-2879)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing...

CVSS 8 | AI score 6.5 | EPSS 0.02098 | Exploits 33 | References 34

Tenable Nessus
added 2022/12/27 12:0 a.m. | 47 views

EulerOS Virtualization 2.10.1 : vim (EulerOS-SA-2022-2897)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing...

CVSS 8 | AI score 6.5 | EPSS 0.02098 | Exploits 33 | References 34

Vulnrichment
added 2022/12/14 1:26 p.m. | 3 views

CVE-2022-23516 Uncontrolled Recursion in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0, 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

CVSS 7.5 | AI score 7.1 | EPSS 0.01104 | Exploits 0 | References 2

Vulnrichment
added 2022/12/14 7:7 a.m. | 4 views

CVE-2022-23500 TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service

TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page...

CVSS 5.9 | AI score 7.4 | EPSS 0.00686 | Exploits 0 | References 1

Cvelist
added 2022/12/14 7:7 a.m. | 27 views

CVE-2022-23500 TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service

TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page...

CVSS 5.9 | AI score 7.7 | EPSS 0.00686 | Exploits 0 | References 1

Snyk
added 2022/12/13 5:40 p.m. | 2 views

Uncontrolled Recursion

Overview loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Uncontrolled Recursion when it uses recursion for sanitizing CDATA sections, making it susceptible to stack...

CVSS 7.5 | AI score 6.9 | EPSS 0.01104 | Exploits 0 | References 2

RubySec
added 2022/12/13 12:0 a.m. | 18 views

Uncontrolled Recursion in Loofah

Summary Loofah = 2.2.0, = 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized...

CVSS 7.5 | AI score 3.2 | EPSS 0.01104 | Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2022/11/23 12:0 a.m. | 41 views

SUSE SLED15: binutils / binutils-devel / binutils-devel-32bit / binutils-gold / etc (SUSE-SU-2022:4146-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4146-1 advisory. The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in...

CVSS 7.8 | AI score 7.1 | EPSS 0.024 | Exploits 3 | References 28

Tenable Nessus
added 2022/11/22 12:0 a.m. | 37 views

Oracle Linux 9 : mingw-gcc (ELSA-2022-8415)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8415 advisory. 12.0.1-11.2 - Bump release and rebuild resolves: rhbz2096010 12.0.1-11.1 - Rebase to Fedora Rawhide resolves: rhbz2080170 Tenable has extracted the preceding...

CVSS 5.5 | AI score 6.4 | EPSS 0.00779 | Exploits 1 | References 2

BDU FSTEC
added 2022/11/22 12:0 a.m. | 6 views

The vulnerability in the open-source development environment for UEFI EDK2, related to uncontrolled recursion, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of open-source development environments for UEFI EDK2 is related to uncontrolled recursion. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...

CVSS 7.8 | AI score 6.2 | EPSS 0.00399 | Exploits 1 | References 8 | Affected Software 3