3993 matches found
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...
CVE-2025-32032
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan,...
AZL-60172 CVE-2025-32387 affecting package cert-manager 1.11.2-27
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...
CVE-2025-32387
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...
UBUNTU-CVE-2025-32387
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the LoadArchiveFiles function in archive.go. An attacker can cause a stack overflow by submitting a JSON Schema with excessive nested references. Workaround This vulnerability can be mitigated by ensuring that...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the LoadArchiveFiles function in archive.go. An attacker can cause a stack overflow by submitting a JSON Schema with excessive nested references. Workaround This vulnerability can be mitigated by ensuring that...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the LoadArchiveFiles function in archive.go. An attacker can cause a stack overflow by submitting a JSON Schema with excessive nested references. Workaround This vulnerability can be mitigated by ensuring that...
Uncontrolled Recursion
Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the LoadArchiveFiles function in archive.go. An attacker can cause a stack overflow by submitting a JSON Schema with excessive nested references. Workaround This vulnerability can be mitigated by ensuring that...
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion
An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow...
CVE-2025-32031
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal...
CVE-2025-31496 apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
libxslt: Use-After-Free in libxslt numbers.c
A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...
PT-2025-15296 · Apollo · Apollo Router Core
Name of the Vulnerable Software and Affected Versions: Apollo Router Core versions prior to 1.61.2 Apollo Router Core versions prior to 2.1.1 Description: A vulnerability in the Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan...