59 matches found
SUSE CVE-2025-38614
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...
CVE-2025-38614 eventpoll: Fix semi-unbounded recursion
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...
CVE-2025-38614
The CVE-2025-38614 entry describes a Linux kernel vulnerability in eventpoll where recursion depth in ep_loop_check_proc() could form deep trees and trigger semi-unbounded recursion. The root cause involved two shortcomings: (1) the depth checks did not consider upward paths, and (2) multiple dow...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
[SECURITY] [DLA 3520-1] libhtmlcleaner-java security update
Debian LTS Advisory DLA-3520-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany August 07, 2023 https://wiki.debian.org/LTS Package : libhtmlcleaner-java Version : 2.21-5+deb10u1 CVE ID : CVE-2023-34624 A security vulnerability has been discovered in...
EulerOS Virtualization 3.0.6.6 : expat (EulerOS-SA-2023-2422)
According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD...
Denial Of Services (DoS)
flexjson is vulnerable to Denial Of Services DoS. The vulnerability exists due to a lack of nesting depth checks in the library, allowing an attacker to cause an application crash by passing a maliciously crafted JSON string...
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘‘ or ‘‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed...
jackson-databind: denial of service via a large depth of nested objects
A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...
SnakeYAML 资源管理错误漏洞
SnakeYAML is a Java-based YAML parser. A security vulnerability exists in SnakeYAML 1.31 and earlier versions, which stems from a denial of service DoS issue due to the lack of a nesting depth limit for collections...
Stack exhaustion from deeply nested XML documents in encoding/xml
...
In Expat (aka libexpat) before 2.4.5 an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
...
DEBIAN-CVE-2022-25313
In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...
UBUNTU-CVE-2022-25313
In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...
CVE-2022-25313
In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...
CVE-2022-25313
In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD element...
UBUNTU-CVE-2018-9262
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth...