Astra Linux - vulnerability in libpodofo
A flaw was discovered in PoDoFo 0.9.7. An uncontrolled recursive call within the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow issue...
CLSA-2026-1773137055 avahi: Fix of CVE-2026-24401
CVE-2026-24401: fix uncontrolled recursion in lookup_handle_cname caused by recursive CNAMEs...
SUSE-SU-2026:0605-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI (bsc#1256807, bsc#1256811). - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...
MiracleLinux 9 : bind-dyndb-ldap-11.9-9.el9.ML.1, bind-9.16.23-18.el9.1 (AXSA:2024-7866:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7866:02 advisory. - bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868) - bind: KeyTrap - Extreme CPU consumption in DNSSEC validator...
EUVD-2024-22472
Malicious code in bioql PyPI...
AZL-72941 CVE-2025-38459 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vcc->push(), and the second call copies ...
SUSE CVE-2024-42369
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...
kernel: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself. sockmap proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of...
squid: Denial of Service in HTTP Chunked Decoding
A flaw was found in Squid. This issue may allow a remote attacker to trigger an uncontrolled recursion bug when sending a specially crafted, chunked, encoded HTTP Message, resulting in a denial of service...
UBUNTU-CVE-2024-25111
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunke...
CVE-2024-25111
Squid (web proxy cache) is affected by CVE-2024-25111. Affected versions are 3.5.27 up to, but not including, 6.8; the issue is an uncontrolled recursion in the HTTP Chunked decoder that can cause a remote DoS when processing crafted chunked HTTP messages. The vulnerability is fixed in Squid vers...
SUSE SLES12 Security Update : squid (SUSE-SU-2024:0296-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0296-1 advisory. - Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1...
CVE-2023-50269
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to...
SUSE CVE-2018-15853
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation...
CVE-2022-1771
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975...
ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing an NTFS image, proper bounds checking was not enforced leading to this software flaw. The highest threat from this vulnerability is system availability...
UBUNTU-CVE-2021-38380
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over-read. An attacker can leverage this to launch a DoS attack...
AZL-36948 CVE-2020-12825 affecting package libcroco 0.6.13-6
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption...