130 matches found
CVE-2026-24006 Seroval affected by Denial of Service via Deeply Nested Objects
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the dumps function in formatter.rs. An attacker can cause a core dump by supplying a deeply nested JSON document. PoC python import orjson import sys import platform printf'OS: platform.platform' printf'Python...
MiracleLinux 9 : delve-1.24.1-2.el9_5, golang-1.23.6-2.el9_5 (AXSA:2025-9852:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9852:01 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...
DEBIAN-CVE-2025-12084
When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...
CVE-2025-12084
CVE-2025-12084 affects Python’s xml.dom.minidom when building nested elements via methods like appendChild() that rely on _clear_id_cache(); the algorithm becomes quadratic, potentially impacting availability under heavily nested documents. Connected advisories confirm a patch exists across multi...
CVE-2025-12084 Quadratic complexity in node ID cache clearing
When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to...
Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2025-52999
Summary IBM Business Automation Workflow Case documentation in before 25.0.0 built upon a version of DITA, which packages a vulnerable copy of jackson-core. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator...
CLSA-2025-1762420153 delve: Fix of CVE-2024-34156
rebuild with newer golang to fix CVE-2024-34156 stack exhaustion in encoding/gob when decoding deeply nested structures...
EulerOS 2.0 SP13 : polkit (EulerOS-SA-2025-2274)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...
Alibaba Cloud Linux 3 : 0144: pki-deps:10.6 (ALINUX3-SA-2025:0144)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-52999: jackson-core contains core low-leve...
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...
Linux Distros Unpatched Vulnerability : CVE-2020-36518
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2020-36518 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2025-52999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a...
Medium: jackson-core
Issue Overview: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth...
com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT
A denial of service flaw has been discovered in Connect2id Nimbus JOSE + JWT. This issue can allow a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set...
OESA-2025-1919 polkit security update
polkit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes. Security Fixes: A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggere...
SUSE-SU-2025:02527-1 Security update for polkit
This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. bsc1246472...
AZL-65379 CVE-2025-7519 affecting package polkit for versions less than 0.119-4
A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account i...
CVE-2025-52999
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...