194 matches found

RedHat Linux
added 2024/11/12 10:25 a.m. · 1 views

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

7.5 CVSS · 7.3 AI score · 0.00163 EPSS
Exploits 0 · References 8
Redos
added 2024/10/02 12:0 a.m. · 17 views

ROS-20241001-10

A vulnerability in the Parse function of the Go programming language is related to uncontrolled recursion. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the Decoder.Decode function of the Go programming language is...

7.5 CVSS · 7.6 AI score · 0.00306 EPSS
Exploits 0
RedHat Linux
added 2024/09/23 1:53 a.m. · 0 views

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

7.5 CVSS · 7.3 AI score · 0.00163 EPSS
Exploits 0 · References 8
Debian CVE
added 2024/09/06 8:42 p.m. · 20 views

CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

7.5 CVSS · 6.7 AI score · 0.00163 EPSS
Exploits 0
Positive Technologies
added 2024/08/29 12:0 a.m. · 2 views

PT-2024-6107 · Go +10 · Go +10

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.23.1 and 1.22.1 Description: The issue is related to the Parse function in the Go programming language, which can cause a panic due to stack exhaustion when dealing with deeply nested literals in Go source code. This ca...

9.8 CVSS · 6.4 AI score · 0.64852 EPSS
Exploits 4 · References 319
OSV
added 2024/07/01 1:15 p.m. · 1 views

CVE-2024-39853

adolphdudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

6.5 CVSS · 6.1 AI score · 0.0015 EPSS
Exploits 1 · References 1
CNNVD
added 2024/07/01 12:0 a.m. · 1 views

Swiper Security Vulnerabilities

Swiper is a free mobile touch slider by Vladimir Kharlampidi personal developer. It is intended for use in mobile websites, mobile web applications and mobile native applications. A security vulnerability exists in Swiper version v0.0.2, which stems from the inclusion of prototype contamination v...

6.5 CVSS · 7.7 AI score · 0.00377 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/07/01 12:0 a.m. · 2 views

PT-2024-28701 · Unknown · Ratio-Swiper

Name of the Vulnerable Software and Affected Versions: ratio-swiper version 0.0.2 Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties via the parse function, which is vulnerable to prototype pollution. Recommendation...

6.5 CVSS · 7.3 AI score · 0.0015 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/07/01 12:0 a.m. · 1 views

PT-2024-28316 · Adolph Dudu · Ratio-Swiper

Name of the Vulnerable Software and Affected Versions: adolph dudu ratio-swiper version 0.0.2 Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties through a prototype pollution vulnerability in the parse function...

6.5 CVSS · 7.6 AI score · 0.00377 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/06/13 12:0 a.m. · 2 views

PT-2024-26435 · Libyaml · Libyaml

Name of the Vulnerable Software and Affected Versions: libyaml version 0.2.5 Description: The issue affects the function yaml parser parse of the file /src/libyaml/src/parser.c, making libyaml vulnerable to Denial of Service DDOS attacks. Recommendations: As a temporary workaround, consider...

7.5 CVSS · 8.6 AI score
Exploits 0 · References 11
CNNVD
added 2024/06/13 12:0 a.m. · 1 views

Google Pixel Security Breach

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a lack of bounds checking in the ProtocolCellIdentityParserV4::Parse module of protocolnetadapter.cpp, which may allow out-of-bounds reads...

4.7 CVSS · 6.8 AI score · 0.00047 EPSS
Exploits 0 · References 3
CVE
added 2024/05/20 5:15 p.m. · 126 views

CVE-2024-29651

CVE-2024-29651 is a Prototype Pollution vulnerability in API Dev Tools json-schema-ref-parser (versions 11.0.0 and 11.1.0). The flaw allows remote code execution or denial of service by manipulating Object.prototype via bundle(), parse(), resolve(), or dereference() functions. Affected IBM stack ...

8.1 CVSS · 7.7 AI score · 0.02788 EPSS
Exploits 0 · References 1
CNNVD
added 2024/04/30 12:0 a.m. · 1 views

sqlparse Security Vulnerability

sqlparse is Python's non-validating SQL parser. It provides support for parsing, splitting, and formatting SQL statements. A security vulnerability exists in sqlparse that stems from an application passing a nested list to sqlparse.parse, resulting in a denial of service...

7.5 CVSS · 8 AI score · 0.10881 EPSS
Exploits 0 · References 5
OSV
added 2024/04/29 9:15 p.m. · 1 views

UBUNTU-CVE-2023-46566

Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class...

7.5 CVSS · 7.1 AI score · 0.00623 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/04/29 12:0 a.m. · 2 views

PT-2024-13362 · Msoulier · Tftpy

Name of the Vulnerable Software and Affected Versions: msoulier tftpy affected versions not specified Description: A Buffer Overflow issue allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class. This issue can be exploited by a remote attacker,...

7.5 CVSS · 7.2 AI score · 0.00623 EPSS
Exploits 0 · References 7
CVE
added 2024/04/29 12:0 a.m. · 42 views

CVE-2023-46566

msoulier tftpy is affected by a Buffer Overflow in the parse function of the TftpPacketFactory class. Root cause: inadequate input validation leads to remote denial of service. Impact: remote attacker over the network can cause a DoS; no patch/version details are provided in the supplied document...

7.5 CVSS · 6.8 AI score · 0.00623 EPSS
Exploits 0 · References 1
Github Security Blog
added 2024/03/28 12:31 a.m. · 7 views

domain-suffix RegEx Denial of Service

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function. PoC js async function exploit const domainsuffix = require"domain-suffix"; // Crafting a string that will cause excessive backtracking const maliciousInput =...

7.5 CVSS · 6.9 AI score · 0.00151 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/03/27 10:15 p.m. · 9 views

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

7.5 CVSS · 6.5 AI score · 0.00151 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/03/27 12:0 a.m. · 8 views

CVE-2024-25354

RegEx Denial of Service in domain-suffix 1.0.8 allows attackers to crash the application via crafted input to the parse function...

6.9 AI score · 0.00151 EPSS
Exploits 0 · References 1
CVE
added 2024/03/27 12:0 a.m. · 66 views

CVE-2024-25354

CVE-2024-25354 affects domain-suffix 1.0.8 (Node.js) with a RegEx Denial of Service in the parse function that can crash the application when given crafted input. Root cause: excessive backtracking in the regular expression. Impact: denial of service/crash; exploitation details are provided in pu...

7.5 CVSS · 6.8 AI score · 0.00151 EPSS
Exploits 0 · References 1