golang: go/parser: stack exhaustion in all Parse* functions

A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability...

golang: encoding/xml: stack exhaustion in Decoder.Skip

A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

golang: regexp: stack exhaustion via a deeply nested expression

A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large...

Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow

GraphQL behaviour Nested fragment in GraphQL might be quite hard to handle depending on the implementation language. Some language support natively a max recursion depth. However, on most compiled languages, you should add a threshold of recursion. graphql Infinite loop example query ...a fragmen...

GHSA-4RX6-G5VG-5F3J Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow

GraphQL behaviour Nested fragment in GraphQL might be quite hard to handle depending on the implementation language. Some language support natively a max recursion depth. However, on most compiled languages, you should add a threshold of recursion. graphql Infinite loop example query ...a fragmen...

async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow

Impact Executing deeply nested queries may cause stack overflow. Patches Upgrade to v4.0.6...

GHSA-XQ3C-8GQM-V648 async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow

Impact Executing deeply nested queries may cause stack overflow. Patches Upgrade to v4.0.6...

OESA-2022-1783 golang security update

The Go Programming Language Security Fixes: When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more...

Denial of service on deeply nested fragment requests

Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...

Denial of service on deeply nested fragment requests

Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:2422-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2422-1 advisory. - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in...

GO-2022-0526 Stack exhaustion when decoding certain messages in encoding/gob

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...

Uncontrolled Recursion

Overview std/encoding/xml is a Go standard library package std/encoding/xml Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Unmarshaling an XML document into a Go struct which has a nested field that uses the 'any' field tag can panic due to...

GO-2022-0523 Stack exhaustion when unmarshaling certain documents in encoding/xml

Unmarshaling an XML document into a Go struct which has a nested field that uses the 'any' field tag can panic due to stack exhaustion...

Uncontrolled Recursion

Overview std/go/parser is a Go standard library package std/go/parser Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due ...

GO-2022-0515 Stack exhaustion due to deeply nested types in go/parser

Calling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due to stack exhaustion...

kernel: net: openvswitch: fix leak of nested actions

A flaw was found in the Open vSwitch module in the Linux kernel. Improper handling of allocated memory can lead to a memory leak, potentially impacting system performance and resulting in a denial of service...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 2.7.6 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...