Denial Of Service (DoS)
github.com/expr-lang/expr is vulnerable to denial of service (DoS). The vulnerability is due to missing recursion depth limits in certain builtin functions, which allows an attacker to supply deeply nested or cyclic data structures and trigger infinite recursion leading to stack overflow and...
GO-2025-4245 Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr
Expr has Denial of Service via Unbounded Recursion in Builtin Functions in github.com/expr-lang/expr...
Expr has Denial of Service via Unbounded Recursion in Builtin Functions
SUSE CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
GHSA-CFPF-HRX2-8RV6 Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse...
DEBIAN-CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
CVE-2025-68156
Expr (Go library) contains a DoS risk in builtins such as flatten, min, max, mean, and median due to potential unbounded recursion on deeply nested or cyclic data. A fix was released in v1.17.7 introducing a maximum recursion depth limit; users can customize it via builtin.MaxDepth. The CVE conte...
CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
EUVD-2016-0779
Malware in sbrugna...
EUVD-2023-0267
Malicious code in bioql PyPI...
Business Logic Errors
vyper is vulnerable to Business Logic Errors. The vulnerability exists because the order of evaluation of the arguments of the builtin functions uint256_addmod, uint256_mulmod, ecadd and ecmul does not follow source order, which can be exploited by an attacker to create contracts that behave...
CVE-2023-41052
Vyper CVE-2023-41052 affects the Pythonic smart contract language Vyper. In affected versions, the evaluation order of arguments to builtins uint256_addmod, uint256_mulmod, ecadd, and ecmul does not follow source order, which can cause side effects in one argument to be relied upon by others. The...
PT-2023-27764 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper (affected versions not specified). Description: The order of evaluation of the arguments of the builtin functions uint256_addmod, uint256_mulmod, ecadd, and ecmul does not follow source order. This behavior is problematic when the evaluati...
SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2015:1833-1)
This update for GCC 4.8 provides the following fixes: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. CVE-2015-5276, bsc945842 - Fix linker segmentation fault when building SLOF on ppc64le. bsc949000 - Fix no_instrument_function attribute handling on PPC64...
php: zend_strndup() NULL pointer dereference may cause DoS
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...