1134 matches found
CVE-2021-39929
CVE-2021-39929 affects the Bluetooth DHT dissector in Wireshark, causing Denial of Service via packet injections or crafted capture files for Wireshark 3.4.0–3.4.9 and 3.2.0–3.2.17 due to uncontrolled recursion. Remediation is upgrading Wireshark to a fixed version (e.g., 3.4.10+ per Debian/Alt L...
PT-2021-5595 · Wireshark +5
Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.2.0 through 3.2.17; Wireshark versions 3.4.0 through 3.4.9. Description: The issue is caused by uncontrolled recursion in the Bluetooth DHT dissector. This can be exploited by a remote attacker to cause a denial of service ...
The vulnerability of the sorting function in the library for viewing, creating, and editing DjVu files, related to an uncontrolled recursion, allows a hacker to cause service failures.
The vulnerability of the sorting function in the library for viewing, creating, and editing DjVu files in DjVuLibre is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...
NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2021-0095)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allo...
F5 Networks BIG-IP : cURL vulnerability (K61186963)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by a vulnerability as referenced in the K61186963 advisory. curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP...
The vulnerability of the ati-vga hardware emulation component in QEMU, related to uncontrolled recursion, allows a hacker to trigger a service failure.
The vulnerability of the ati-vga hardware emulation component in QEMU is related to an uncontrolled recursion. Exploiting this vulnerability can allow an attacker to cause a system failure...
ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA
1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendors: ICONICS, Mitsubishi Electric. Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64. Vulnerability: Uncontrolled Recursion. 2. RISK EVALUATION: Successful exploitation of this vulnerability could...
The vulnerability of the lyxml_parse_mem() function in the syntax analyzer and data modeling tool YANG Libyang, related to an uncontrolled recursion, allows attackers to cause service failures.
The vulnerability of the lyxml_parse_mem function, a syntax analyzer and tool for data modeling in the YANG Libyang language, is related to an uncontrolled recursion in the lyxml_parse_elem function. Exploiting this vulnerability could allow a malicious actor to cause service failures...
GHSA-39VW-QP34-RMWF Uncontrolled recursion leads to abort in deserialization
Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...
Uncontrolled recursion leads to abort in deserialization
Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...
Uncontrolled recursion in ammonia
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
Uncontrolled recursion in rust-yaml
Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth...
The vulnerability of the Moodle management system, related to uncontrolled recursion, allows a hacker to trigger a service failure.
The vulnerability of the Moodle administration system is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor, operating remotely, to perform a denial-of-service attack by creating a specially crafted URL address...
Design/Logic Flaw
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...
UBUNTU-CVE-2021-22144
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that...
CVE-2021-22144
CVE-2021-22144 affects Elasticsearch Grok parser. The vulnerability is an uncontrolled recursion that enables a DoS via specially crafted Grok queries submitted by an authenticated user, potentially crashing the node. Affected versions are Elasticsearch before 7.13.3 and 6.8.17. Public references...
The vulnerability of the Oniguruma regular expression library, related to an uncontrolled recursion, allows a hacker to trigger a service failure.
The vulnerability of the Oniguruma regular expression library is related to an uncontrolled recursion. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
CVE-2021-36154
HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption...
CVE-2021-36154
CVE-2021-36154 affects gRPC Swift up to version 1.1.1, where HTTP2ToRawGRPCServerCodec can mishandle multiple small messages in a single HTTP/2 frame, causing uncontrolled recursion and denial of service. Public advisories (GHSA-4RHQ-VQ24-88GW and OSV/Red Hat entries) confirm the issue and state ...