CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...

PT-2025-51779

Name of the Vulnerable Software and Affected Versions Expr versions prior to 1.17.7 Description The Expr library, used for expression language and evaluation in Go, contains a flaw where certain builtin functions – including flatten, min, max, mean, and median – can cause a denial of service. The...

Denial Of Service (DoS)

langchain is vulnerable to a Denial-of-Service DoS. The vulnerability is due to infinite recursion in the parsesitemap method, which results in an infinite loop that exceeds the maximum recursion depth in Python...

GHSA-3HJH-JH2H-VRG6 Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed ...

CVE-2018-13795

Gravity before 0.5.1 does not support a maximum recursion depth...

Design/Logic Flaw

Gravity before 0.5.1 does not support a maximum recursion depth...

dbus -- multiple vulnerabilities

Simon McVittie reports: Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's support for file descriptor passing. A malicious process could force system services or user applications to be disconnected from the D-Bus system bus by sending them a message containing a file descriptor,...