80 matches found
DEBIAN-CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
EUVD-2018-5016
Malware in sbrugna...
EUVD-2023-28553
Malicious code in bioql PyPI...
Stack exhaustion in all Parse functions in go/parser
...
CVE-2021-21412
Potential for arbitrary code execution in npm package @thi.ng/egf gpg-tagged property values only if decrypt: true option is enabled. PR with patch has been submitted and will has been released as of v0.4.0 By default the EGF parse functions do NOT attempt to decrypt values since GPG only availab...
AZL-60572 CVE-2025-22872 affecting package helm for versions less than 3.15.2-3
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
Amazon Linux 2 : ecs-init (ALASECS-2025-049)
The version of ecs-init installed on the remote host is prior to 1.89.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-049 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resultin...
Medium: ecs-init
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-858)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-858 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2025-1138)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.CVE-2024-3415...
EulerOS 2.0 SP12 : golang (EulerOS-SA-2025-1174)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.CVE-2024-3415...
Security Bulletin: IBM DataPower Operator vulnerable to DoS due to use of Go (CVE-2024-34155, CVE-2024-34156)
Summary The affected calls are used by DataPower Operator for processing messages exchanged with Kubernetes and IBM DataPower Gateway. Vulnerability Details CVEID:CVE-2024-34156 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending...
AZL-54422 CVE-2024-45338 affecting package telegraf for versions less than 1.31.0-4
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54483 CVE-2024-45338 affecting package podman 4.1.1-26
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54425 CVE-2024-45338 affecting package kubernetes for versions less than 1.30.3-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54491 CVE-2024-45338 affecting package cri-o 1.30.1-1
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54485 CVE-2024-45338 affecting package buildah for versions less than 1.41.4-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54410 CVE-2024-45338 affecting package node-problem-detector for versions less than 0.8.15-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54428 CVE-2024-45338 affecting package cert-manager for versions less than 1.12.15-1
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-54404 CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...