
165 matches found

Tenable Nessus
added 2023/09/21 12:0 a.m., 33 views

Slackware Linux 15.0 / current bind Vulnerability (SSA:2023-264-01)

The version of bind installed on the remote host is prior to 9.16.44 / 9.18.19. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-264-01 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...

CVSS 7.5, AI score 6.9, EPSS 0.00227
Exploits: 0, References: 2

OSV
added 2023/09/20 1:15 p.m., 1 view

ALPINE-CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

CVSS 7.5, AI score 7, EPSS 0.00227
Exploits: 0, References: 1

OSV
added 2023/09/20 1:15 p.m., 2 views

AZL-34562 CVE-2023-3341 affecting package bind for versions less than 9.16.44-1

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

CVSS 7.5, AI score 6.7, EPSS 0.00227
Exploits: 0, References: 1

Cvelist
added 2023/09/20 12:32 p.m., 32 views

CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

CVSS 7.5, AI score 7.9, EPSS 0.00227
Exploits: 0, References: 8

CNNVD
added 2023/09/20 12:0 a.m., 3 views

ISC BIND Buffer Error Vulnerability

ISC BIND is a set of open-source software that implements the DNS protocol from the American company ISC. A buffer error vulnerability exists in ISC BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S...

CVSS 7.5, AI score 7, EPSS 0.00227
Exploits: 0, References: 14

Tenable Nessus
added 2023/09/20 12:0 a.m., 40 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Bind vulnerabilities (USN-6390-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6390-1 advisory. It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channe...

CVSS 7.5, AI score 6.8, EPSS 0.00227
Exploits: 0, References: 3

Tenable Nessus
added 2023/08/23 12:0 a.m., 55 views

Wireshark 4.0.x < 4.0.8 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.8 advisory. - Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in...

CVSS 7.8, AI score 6.9, EPSS 0.0344
Exploits: 6, References: 18

SUSE CVE
added 2023/02/15 5:28 a.m., 2 views

SUSE CVE-2014-3532

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before...

CVSS 2.1, AI score 6.5, EPSS 0.00123
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 5:4 a.m., 3 views

SUSE CVE-2016-3705

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...

CVSS 7.5, AI score 8.9, EPSS 0.00881
Exploits: 0, References: 11

SUSE CVE
added 2023/02/15 4:59 a.m., 2 views

SUSE CVE-2016-6513

epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet...

CVSS 5.9, AI score 7.3, EPSS 0.00189
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 4:44 a.m., 2 views

SUSE CVE-2017-9766

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c...

CVSS 5.3, AI score 7.4, EPSS 0.00889
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 4:31 a.m., 2 views

SUSE CVE-2018-5336

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...

CVSS 4.3, AI score 6.8, EPSS 0.01011
Exploits: 0, References: 5

SUSE CVE
added 2023/02/15 4:28 a.m., 3 views

SUSE CVE-2018-9256

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth...

CVSS 5.3, AI score 7.6, EPSS 0.00739
Exploits: 1, References: 5

Positive Technologies
added 2022/07/29 12:0 a.m., 3 views

PT-2025-37090

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.15 Description: An uncontrolled recursion issue in XPath evaluation within libxml2 allows a local attacker to cause a stack overflow through crafted expressions. The XPath processing functions xmlXPathRunEval,...

CVSS 6.2, AI score 6.8, EPSS 0.00084
Exploits: 0, References: 47

OSV
added 2022/05/21 12:0 p.m., 19 views

RUSTSEC-2022-0030 Stack overflow during recursive expression parsing

When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. The flaw was corrected in commits 60aa2dc03a by adding a check ...

CVSS 6.5, AI score 6.2, EPSS 0.00521
Exploits: 0, References: 3

RustSec
added 2022/05/21 12:0 p.m., 24 views

Stack overflow during recursive expression parsing

When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. The flaw was corrected in commits 60aa2dc03a by adding a check ...

CVSS 6.5, AI score 3.4, EPSS 0.00521
Exploits: 0, Affected Software: 1

RedhatCVE
added 2022/05/20 10:45 p.m., 15 views

CVE-2020-36429

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth...

CVSS 6.5, AI score 2.3, EPSS 0.00078
Exploits: 0, References: 1

Github Security Blog
added 2021/08/25 9:0 p.m., 16 views

Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...

AI score 6.7
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2021/07/20 7:15 a.m., 12 views

CVE-2020-36429

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth...

CVSS 5.5, EPSS 0.00078
Exploits: 0, References: 4

OSV
added 2021/07/20 7:15 a.m., 10 views

CVE-2020-36429

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth...

CVSS 5.5, AI score 7
Exploits: 0, References: 4