108 matches found

Cvelist (added 2024/03/26 2:03 p.m., 29 views)

CVE-2024-1455 Billion Laughs Attack leading to DoS in langchain-ai/langchain

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading t...

CVSS 5.9 | AI score 5.9 | EPSS 0.00106
Exploits: 1 | References: 2

Veracode (added 2023/11/15 7:06 a.m., 8 views)

Denial Of Service (DoS)

remarshal is vulnerable to Denial of Service (DoS). The vulnerability exists because remarshal.py does not properly limit the maximum nodes to be expanded. This allows YAML alias nodes to be expanded indefinitely when processing untrusted YAML files. Consequently, an attacker could exploit this...

CVSS 7.5 | AI score 6.9 | EPSS 0.00076
Exploits: 0 | References: 4 | Affected Software: 1

OSV (added 2023/11/13 3:30 a.m., 9 views)

GHSA-GW7G-QR8W-3448 Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

CVSS 8.7 | AI score 7.3 | EPSS 0.00076
Exploits: 0 | References: 6

Github Security Blog (added 2023/11/13 3:30 a.m., 15 views)

Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

CVSS 7.5 | AI score 6.3 | EPSS 0.00076
Exploits: 0 | References: 6 | Affected Software: 1

NVD (added 2023/11/13 3:15 a.m., 7 views)

CVE-2023-47163

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

CVSS 7.5 | EPSS 0.00076
Exploits: 0 | References: 3

OSV (added 2023/11/13 3:15 a.m., 10 views)

CVE-2023-47163

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 3

PyPA (added 2023/11/13 3:15 a.m., 4 views)

PYSEC-2023-236

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

CVSS 7.5 | AI score 6.9 | EPSS 0.00076
Exploits: 0 | References: 3 | Affected Software: 1

OSV (added 2023/11/13 3:15 a.m., 8 views)

PYSEC-2023-236

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

CVSS 7.5 | AI score 7.4 | EPSS 0.00076
Exploits: 0 | References: 3

Prion (added 2023/11/13 3:15 a.m., 5 views)

Race condition

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

CVSS 5 | AI score 7 | EPSS 0.00076
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment (added 2023/11/13 2:26 a.m., 7 views)

CVE-2023-47163

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

AI score 7.4 | EPSS 0.00076
Exploits: 0 | References: 3

CVE (added 2023/11/13 2:26 a.m., 50 views)

CVE-2023-47163

CVE-2023-47163 affects the Remarshal YAML processor. Before v0.17.1, it allows unlimited expansion of YAML alias nodes, enabling a Billion Laughs-style DoS when processing untrusted YAML files. The vulnerability is documented across multiple sources, and remediation is to upgrade to Remarshal v0....

CVSS 7.5 | AI score 7.3 | EPSS 0.00076
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist (added 2023/11/13 2:26 a.m., 10 views)

CVE-2023-47163

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition...

AI score 7.6 | EPSS 0.00076
Exploits: 0 | References: 3

Tenable Nessus (added 2023/10/20 12:00 a.m., 37 views)

Ubuntu 16.04 ESM : c3p0 vulnerability (USN-5293-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5293-2 advisory. USN-5293-1 fixed a vulnerability in c3p0. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description bloc...

CVSS 7.5 | AI score 6.9 | EPSS 0.05651
Exploits: 1 | References: 2

OSV (added 2023/03/20 9:26 p.m., 27 views)

GHSA-C24F-2J3G-RG48 kaml has potential denial of service while parsing input with anchors and aliases

Impact: Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Patches: Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. Workarounds: None. References: Wikipedia has an explanation ...

CVSS 7.5 | AI score 7.4 | EPSS 0.00325
Exploits: 0 | References: 5

OSV (added 2023/02/08 12:35 a.m., 65 views)

GHSA-74FP-R6JW-H4MP Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing

CVE-2019-11253 is a denial of service vulnerability in the kube-apiserver, allowing authorized users sending malicious YAML or JSON payloads to cause kube-apiserver to consume excessive CPU or memory, potentially crashing and becoming unavailable. When creating a ConfigMap object which has...

CVSS 7.5 | AI score 7.4 | EPSS 0.84511
Exploits: 2 | References: 8

Github Security Blog (added 2022/08/11 6:06 p.m., 26 views)

mofh Vulnerable to Improper Restriction of XML External Entity Reference

The xml.etree.ElementTree module that mofh used up until version 1.0.1 implements a simple and efficient API for parsing and creating XML data. But it makes the application vulnerable to: - Billion Laughs attack: It is a type of denial-of-service attack aimed at XML parsers. It uses multiple leve...

AI score 1.5
Exploits: 0 | References: 4 | Affected Software: 1

OSV (added 2022/08/11 6:06 p.m., 22 views)

GHSA-7R9X-QRPR-3CXW mofh Vulnerable to Improper Restriction of XML External Entity Reference

The xml.etree.ElementTree module that mofh used up until version 1.0.1 implements a simple and efficient API for parsing and creating XML data. But it makes the application vulnerable to: - Billion Laughs attack: It is a type of denial-of-service attack aimed at XML parsers. It uses multiple leve...

AI score 7
Exploits: 0 | References: 4

Veracode (added 2022/05/18 5:37 p.m., 4 views)

Denial Of Service (DoS)

apport is vulnerable to denial of service. An attacker can crash the application through the billion laughs attack by providing a malicious input to the /.config/apport/settings...

CVSS 5.5 | AI score 6.5 | EPSS 0.00041
Exploits: 0 | References: 3 | Affected Software: 3

OSV (added 2022/05/17 6:00 p.m., 0 views)

UBUNTU-CVE-2022-28652

/.config/apport/settings parsing is vulnerable to "billion laughs" attack...

CVSS 5.5 | AI score 6 | EPSS 0.00041
Exploits: 0 | References: 4

OSV (added 2022/01/11 12:18 p.m., 1 view)

CLSA-2022-1641903536 Fix of 8 CVEs

CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix use-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack -...

CVSS 9.1 | AI score 6.9 | EPSS 0.00697
Exploits: 2 | References: 1
