15 matches found
RUSTSEC-2026-0009 Denial of Service via Stack Exhaustion
Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...
Denial of Service via Stack Exhaustion
Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,...
EUVD-2021-0148
Malware in sbrugna...
GHSA-J828-28RJ-HFHP vLLM vulnerable to Regular Expression Denial of Service
Summary A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service ReDoS attacks. These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking. 1...
CVE-2021-43854
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is present in...
PT-2024-28441 · Wagtail · Wagtail
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 5.2.6 Wagtail versions prior to 6.0.6 Wagtail versions prior to 6.1.3 Description: A bug in Wagtail's parse query string function would result in it taking a long time to process suitably crafted inputs, leading to a...
PT-2024-20220 · Eserver · Ezserver
Name of the Vulnerable Software and Affected Versions: EzServer version 6.4.017 Description: The issue allows a denial of service daemon crash via a long string, such as one for the RNTO command. Recommendations: For EzServer version 6.4.017, consider restricting the length of input strings to...
DEBIAN-CVE-2023-34095
cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf3. cpdb-libs uses the fscanf and scanf functions to parse command lines and configuration...
GNU C Library 日志信息泄露漏洞
The GNU C Library glibc, libc6 is an open-source, free C language compiler released under the LGPL license. A security vulnerability exists in GNU C Library glibc version 2.36, which stems from the fact that when the syslog function is passed a carefully crafted input string larger than 1024 byte...
DEBIAN-CVE-2022-31129
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has...
PT-2022-28156 · Luxon +1 · Luxon +1
Name of the Vulnerable Software and Affected Versions: Luxon versions 1.x prior to 1.38.1 Luxon versions 2.x prior to 2.5.2 Luxon versions 3.x prior to 3.2.1 Moment versions prior to 2.29.4 Description: The issue is related to quadratic N^2 complexity in date and time parsing on specific inputs,...
CVE-2022-31129 Inefficient Regular Expression Complexity in moment
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment more specifically rfc2822 parsing, which is tried by default has...
Input validation
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service ReDoS attacks. The vulnerability is present in...
CVE-2021-43854
CVE-2021-43854 affects the Python package NLTK. Versions prior to 3.6.5 are vulnerable to a Regular Expression Denial of Service (ReDoS) in the affected tokenizers: PunktSentenceTokenizer, sent_tokenize, and word_tokenize. The issue arises from inefficient regex backtracking on crafted inputs, ca...
PT-2017-18030 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions through 7.1.4 Description: The issue allows attackers to cause a denial of service via operations on long strings, resulting in memory consumption and application crash. The vendor disputes this, stating that GMP safely aborts in...