Lucene search
K

30 matches found

CVE
CVE
added 2026/06/30 11:16 p.m.34 views

CVE-2026-54592

The CVE-2026-54592 vulnerability affects Oj (Optimized JSON), a Ruby gem JSON parser/marshaller. In versions prior to 3.17.3, Oj::Doc#each_child can overflow a fixed-size stack buffer when recursively traversing deeply nested JSON, causing a DoS. The issue arises from a two-step chain in ext/oj/f...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 11:5 a.m.7 views

CVE-2026-57081

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

7.5CVSS6AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 11:5 a.m.7 views

EUVD-2026-40290

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

7.5CVSS6AI score0.00263EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 7:36 p.m.6 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through recursive calls to the eachchild function when processing deeply nested input. An attacker can cause the process to crash and trigger a denial of service by supplying a specially crafted, deeply nested JSON...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.10 views

Oj: Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Summary Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. Details Two-step chain in ext/oj/fast.c: 1. doceachchild line 1501 increments doc-where pas...

7.5CVSS6AI score0.00263EPSS
Exploits0References2Affected Software1
RubySec
RubySec
added 2026/06/19 12:0 a.m.7 views

Oj - Stack Buffer Overflow in Oj::Doc#each_child via Deeply Nested Input

Summary Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. Impact Reliable denial of service: any endpoint that calls Oj::Doc.openuntrusted |d|...

7.5CVSS6AI score0.00263EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/11 1:27 p.m.10 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception through the link validation. An attacker can cause the application to crash or become unresponsive by submitting deeply nested input that triggers an unhandled RangeError exception. This is only exploitable if input...

6.9CVSS5.3AI score0.00039EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 1:27 p.m.7 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception through the link validation. An attacker can cause the application to crash or become unresponsive by submitting deeply nested input that triggers an unhandled RangeError exception. This is only exploitable if input...

6.9CVSS5.3AI score0.00039EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 1:34 p.m.10 views

OESA-2026-2487 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.00161EPSS
Exploits7References8
Snyk
Snyk
added 2026/05/19 8:10 p.m.11 views

Uncontrolled Recursion

Overview sqlfluff is a The SQL Linter for Humans Affected versions of this package are vulnerable to Uncontrolled Recursion through the ParseContext and parser recursion in the SQL parser components. An attacker can exhaust parser stack depth and force repeated parse failures by supplying deeply...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 7:23 p.m.11 views

CVE-2026-41257

A flaw was found in jq, a command line JSON processor. The memory allocation size is calculated using a signed integer that can overflow when processing deeply nested generator forks. This integer overflow allows an attacker who can supply a sufficiently nested input to influence the memory...

7.3CVSS5.8AI score0.00142EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/13 5:32 p.m.9 views

CVE-2026-43896

A flaw was found in jq, a command line JSON processor. The jvobjectmergerecursive function, reachable via the operator when both operands are objects, does not have a depth limit when processing nested objects. This missing depth limit allows an attacker who can supply a sufficiently nested input...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/13 5:31 p.m.11 views

CVE-2026-40612

A flaw was found in jq, a command line JSON processor. The jvcontains function does not have a depth limit when processing nested arrays or objects. This missing depth limit allows an attacker who can supply a sufficiently nested input structure to exhaust the stack memory, causing an application...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.36 views

PT-2026-39942

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS5.9AI score0.00144EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:16 p.m.9 views

CVE-2026-40612

jq is a command-line JSON processor. In 1.8.1 and earlier, jvcontains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure built programmatically with reduce, since the JSON parser caps at depth 10000, the C stack is exhausted...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 5:6 p.m.3 views

CVE-2026-34211

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions...

7.5CVSS5.9AI score0.00395EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30273

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

6.9CVSS6.1AI score0.00395EPSS
Exploits1References4
CVE
CVE
added 2026/03/26 7:49 p.m.59 views

CVE-2026-33532

Summary: CVE-2026-33532 affects the yaml JavaScript library. The vulnerability is in the compose/resolve phase of the parser, where a recursive call path without a depth bound can cause a RangeError: Maximum call stack size exceeded when parsing YAML input (typical payload ~2–10 KB). This can lea...

4.3CVSS6.1AI score0.0047EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/03/23 6:53 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview cbor2 is a CBOR deserializer with extensive tag support Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the decoding of CBOR payloads. An attacker can cause the application to crash by submitting deeply nested input that trigger...

8.7CVSS7.1AI score0.00417EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 8:17 p.m.3 views

Uncontrolled Recursion

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Uncontrolled Recursion via the JSONTaggedDecoder.decodeobj function in jsontags.py. An attacker can cause the application to crash by submittin...

5.1CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder